[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: acceptance&commitments over trust

At 04:43 PM 3/30/98 -0500, you wrote:
>At 06:27 PM 3/27/98 +0100, Paul-André Pays wrote:
>>I don't need trust, I (and they) need commitments / contracts 
>>and liability and this why the thread about "trust transitivity"
>>looks to me as a pure speculation and theoretical debate unrelated
>>with the requirements of most players I have to deal with. 
>Very well said.  Thank you for the words.
> - Carl

Dispense for the moment with the word "trust".  Consider instead the term
"enlightened reliance".

Of course, we are interested directly with commitments, contracts and
liabilities.  But any reliance on these *presumes* other fundamentals.
"With whom did I commit?" "What evidence leads me to believe so?"  "How
did this evidence come into my possession?"  "Through what channels?"

Much of this seems beyond the immediacy of public keys, digital signatures
and certifications.  It deals more generally with the underlying structure
(or lack of structure) for managing the histories of evidence that lead us
to make decisions regarding the employment of keys and certificates.

At present, we float in a sea of data, and grasp at near-term facts that
appear on the surface to support our decision-making.  We do this out of
our (human) memory and generally ignore the historical dependencies that
lead us to take as facts this data.  Too much baggage to hold onto using
(human) memory, or to deal with using just our wits.

And yes, as Bob Jueneman often puts it, "so commerce is impossible" ;)

Of course we'll get by without a deeper decision-making foundation, for
a while at least.  But as we delegate more and more decisions to software
automatons, we may have to codify these reliance measures with a more
comprehensive methodology.  Will Ed's stuff do this for us?  I don't know.
I can barely understand it.  But I can't get myself to ignore it, and I
won't ignore it simply because it makes my head hurt.


Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL

Follow-Ups: References: