Re: The role of trust in certification
Tony Bartoletti writes:
> The observation was made in response to one of Ed Gerck's statements,
> to the effect that a thing cannot be used until trusted.
Pardon. I said the very opposite... a thing is trusted because it works as
To wit, in the message that initiated this thread I discussed
"whether certificates are trustful because they certify, or certify
because they are trustful", with the following conclusions:
Thus, for certificates, "trust is relative to the user" and
"certificates are trustful because they certify" -- not the other
The logical expression "certificates are trustful because they
certify" has a far reaching consequence: that trust on the
certificate will be transferred to the user not from the certificate
itself (the objective view) but from the user's perceived assurance
(which must be received from a different information channel than
the certificate itself, such as legal reliance on a CA's CPS,
friendship reliance on a PGP's web-of-trust or protocol reliance
on the Meta-Certificate Standard) that the certificate will work
as desired -- it will certify.
I further reinforced the concept that trust is usually earned by
performance, and not simply assigned:
Therefore, one may say that a certificate is like a tool, that is
trusted because it is expected that it will work, while trust is
a result of the user's perceived assurance on a set of declarations.
The role of trust in certification is thus to be earned, not
Therefore, there is NO chicken-and-egg issue here:
> intended to convey the chicken-and-egg nature of trust in the human
> experience, how we come to trust one another (to do X, be Y, whatever.)
rather, trust is earned by each respective action and reaction.
Dr.rer.nat. E. Gerck email@example.com
--- Visit the Meta-Certificate Group at http://mcg.org.br ---