Re: The role of trust in certification
Tony Bartoletti writes:
>
> The observation was made in response to one of Ed Gerck's statements,
> to the effect that a thing cannot be used until trusted.
Tony:
Pardon. I said the very opposite... a thing is trusted because it works as
desired.
To wit, in the message that initiated this thread I discussed
"whether certificates are trustful because they certify, or certify
because they are trustful", with the following conclusions:
    Thus, for certificates, "trust is relative to the user" and
    "certificates are trustful because they certify" -- not the other
    way around.

    The logical expression "certificates are trustful because they
    certify" has a far reaching consequence: that trust on the
    certificate will be transferred to the user not from the certificate
    itself (the objective view) but from the user's perceived assurance
    (which must be received from a different information channel than
    the certificate itself, such as legal reliance on a CA's CPS,
    friendship reliance on a PGP's web-of-trust or protocol reliance
    on the Meta-Certificate Standard) that the certificate will work
    as desired -- it will certify.
I further reinforced the concept that trust is usually earned by
performance, and not simply assigned:
    Therefore, one may say that a certificate is like a tool, that is
    trusted because it is expected that it will work, while trust is
    a result of the user's perceived assurance on a set of declarations.
    The role of trust in certification is thus to be earned, not
    merely assigned.
Therefore, there is NO chicken-and-egg issue here:
> My response
> intended to convey the chicken-and-egg nature of trust in the human
> experience, how we come to trust one another (to do X, be Y, whatever.)
rather, trust is earned by each respective action and reaction.
Cheers,
Ed
______________________________________________________________________
Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
--- Visit the Meta-Certificate Group at http://mcg.org.br ---