[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: SPKI <spki@c2.net>*Subject*: Re: Re: Trust question (fwd)*From*: Ed Gerck <egerck@laser.cps.softex.br>*Date*: Fri, 20 Mar 1998 10:47:51 -0300 (EST)*Sender*: owner-spki@c2.net

I am forwarding this msg to SPKI, to avoid list cross-talk by Ccs. The subject is also relevant to the discussions here and may further show that Matt Blaze is using trust as a misnomer in his papers, specially evident when he talks about "delegating trust" and calculates it using Boolean expressions -- whereas the word to be used would be "authorization". Even though I can't be physically present at the next SPKI meeting at the IETF, please consider this my opinion -- if cyberlife has any meaning or is entitled to opinions ;-) Thanks -- Ed ---------- Forwarded message ---------- Date: Fri, 20 Mar 1998 10:39:59 -0300 (EST) From: Ed Gerck <egerck@laser.cps.softex.br> To: pj ponder <ponder@mail.irm.state.fl.us> Cc: E-CARM <e-carm@c3po.kc-inc.net> Subject: Re: [E-CARM] Re: Trust question (addendum) On Thu, 19 Mar 1998, pj ponder wrote: >Trust is ultimately a subjective determination, and not a mathematical >relationship, like 'greater than' or 'prime'. That being said, I'm not >sure if the statements 1, 2, and 3 below are comparable, let alone >equivalent, in any pairing. Yes, trust is subjective and such is also information -- even when defined in Shannon's sense (eg, loosely, "information is what YOU do not expect"). And yet, such subjective definition of information leads to a very useful mathematical theory of information. That said, supose you have a Turing [1] machine for each statement. The three machines have fully independent initial states. Take now one machine at a time. Represent each A, B and C as states in that machine (which has also other states such as D, E, F..) and take x and y as conditions that relate states A, B and C according to each statement (also including arbitrary conditions z, u, v, w, etc for connections between other states). Make sure that A, B and C have no connection in their respective initial states, which are otherwise random. After each machine runs, compare the final states for each A, B and C in all three machines, two at a time. Then, change all initial conditions in all possible variables, respecting the restraints and run again. Do that enough times. From all such comparisons you have the answers to the binary comparison requested. Then, you see that the problem IS determinate. The fact that one may not have its solution now that does not mean that a solution does not exit of course. Does not mean that one cannot calculate it in closed form either. >If Alice trusts Bob to the extent that she >will lend him five dollars with no security, and Bob trusts Charlie to >always repay his debts, we haven't got a syllogism. Alice may not trust >Charlie at all, for any purpose. Without knowing more about what x and >y represent, we really can't say anything about the relationships between >the statements. > Take what you wrote "Alice may not trust Charlie at all, for any purpose." Is that relevant? how can that be represented? When we work out a a Karnaugh map for a logic circuit some variables are fully independent and that is no problem -- we still arrive at a final boolean expression. This is just algebra -- values come at the end...if it is times 0 then the result is zero and we don't have to worry our pretty little head on that before the result is calculated for *each particular instance*. The equation represents all instances. >Another example: > >1. Alice trusts everything Bob says, feeling that Bob is always truthful >and trustworthy. >2. Bob says, 'Charlie is trustworthy'. >3. May we assume from 1 and 2 that Alice 'trusts' Charlie, or can we only >say that to Alice, it appears as though Bob trusts Charlie? As I commented above, if you feel a particular instance is useful then make sure it is in the logic expression. It's current value is meaningless for problem statement. >One of the problems with over generalizing in these examples is that >actual PKI and CA relationships are complicated by contract and other >liability issues. Trust is not the same thing as 'legal-looking >paper asserts that if something goes wrong, someone else will be >liable,' nor is trust the same thing as: 'If the certificate revocation >list doesn't invalidate the cert I'm dealing with, and my own liability in >any case will be limited to fifty dollars, then I will complete my end of >the transaction and hope for the best.' > This is surely important but we can think of it in layers, like the TCP/IP protocol. Trust MUST come first -- how could you legaly rely on something YOU don't trust? Law requires due diligence and a person cannot legally rely upon an unknown risk. The propositions posed are well-defined and they just deal with trust -- not with any authorization that may result from trust...hence, legal reliance is NOT even a question because there is NO action. Just the plain abstract and platonic act of trust .. there we stop and enquire: what IS this platonic state? Clearly, without answering this question we cannot say anything HOW this platonic trust MAY turn into an authorization for non-platonic action. >Trust is a subjective determination, more like an emotional state than a >mathematical principle, and it may be arbitrarily or capriciously granted >or withheld - reason, logic, and modular exponentiation notwithstanding. Sure, agreed 100%, but that is NOT the question in the propositions and I carefully avoided that in order to allow the problem to be determinate. I took trust (whatever that pesky word may be) as GRANTED and asked: what then? When I stated: "First B trusts C on matters of x..."' and when I explained: Thus, to be precise, when a statement says "B trusts C on matters of x" this means that B knows exactly what C will do regarding matters of x. And that's why C is trusted on matters of x by B, because C can be 100% predicted when dealing with matters of x -- no surprises are expected, as judged by B. How such "certainty" or trust was established is not the question here. It was granted. In other words, that such "certainty" is above logic there is no doubt .. but that once present, the consequences of it are logically followed. For example, after I decide to trust a pizza restaurant to provide good pizzas that is trust matter "x". My decision to go there or not depends on a series of factors (some of them entirely subjective such as hunger and some objective such as money) but it does NOT depend anymore on that trust matter "x" my brain computer has already evaluated and classified. > >Maybe the examples would better serve to analyze CA and PKI models of >trust if we focused on channels of communication? > >1. Alice, through a secure channel, receives a large integer from Bob. >2. .... (left to student to complete) > >as the old signature file says, 'In math we trust.' >-- :-) Can you trust the secure channel? Is Aldrich there? Clearly, trust is a primary concept and everything else follows. That's why we are targeting trust at its pristine state.. before any action is authorized. For that, we do not need communication channels. We just need to evaluate the consequences of the initial trust conditions.. we do not care how they got there or how trust was acquired at this moment because this would NOT be within the domain of logic. Even though, paradoxically enough, if we can logically calculate the consequences of trust and if we can further mathematically estimate the various actions that may be directly and indirectly authorized by such trust and if we can statistically estimate the consequences of such actions to a certain depth, taking into account the various risks and uncertainties, then we may arrive at the conclusion that such consequences will be unpleasant with probability 60% and that it all derived from that initial platonic trust being released... then we may decide NOT to trust ... and so trust acquisition becomes logical. This is a mild paradox and certainly not a contradiction. IMO, it is what could be called "trust refinement" -- where one ennacts the consequences and dynamically refines the trust beliefs in cycles of behavior where the path is helical and not circular.. hence no paradox because one never goes back to the same point. However, back to the subject (sorry for the sidetrack). The objective here is much more modest. It is simply to try to decide if there is any binary equivalence between those three equations, which are to be taken as fully independent and well-defined for trust -- taken as a platonic attribute. The consequences of such trust will then follow as a function of the authorized actions but that does not need to concern us here as we are upstream. Cheers, Ed References: [1] Entscheidungsproblem was a question of decidability posed by the German mathematician, David Hilbert, in an address to the International Congress of Mathematicians in 1928. He asked if in principle, there is any definite mechanical method or process by which all mathematical questions would be decided? In 1936, Alan Turing, a British mathematician, published a paper called "On Computable Numbers with an Application to the Entscheidungsproblem." Alan Turing's paper was a remarkable work, it introduced the concept of the Turing Machine which has become the foundation of the modern theory of computation and computability. Turing laid the theoretical ground-work for all modern computer science. In his paper, Turing showed that what we generally mean by computation could be satisfied by a machine that consisted of a tape of unlimited length with little square cells, and a device with a finite number of states that could read symbols from the tape. Based on that symbol and current state, it could write another symbol over the current symbol and change the current state. Finally, it could move left or right on the tape. (in http://obiwan.uvi.edu/computing/turing/ture.htm) See also (long URL): http://chan.csd.uwo.ca/courses/CS350/1996/MonochromeOnlineNotes/TuringMachinesOnTheNet.html ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br http://novaware.cps.softex.br --- Meta-Certificate Group member, http://www.mcg.org.br ---

- Prev by Date:
**theory-02 comments** - Next by Date:
**Re: Re: Trust question (fwd)** - Prev by thread:
**Re: Alternative authentication & SPKI** - Next by thread:
**Re: Re: Trust question (fwd)** - Index(es):