Ed Gerck wrote:
Bill Frantz wrote:
[EMAIL PROTECTED] (Ed Gerck) on Monday, June 2, 2008 wrote:

To trust something, you need to receive information from sources OTHER than the source you want to trust, and from as many other sources as necessary according to the extent of the trust you want. With more trust extent, you are more likely to need more independent sources of verification.

In my real-world experience, this way of gaining trust is only
really used for strangers. For people we know, recognition and
memory are more compelling ways of trusting.

Recognition = a channel of information
memory = a channel of information

When you look at trust in various contexts, you will still find the need to receive information from sources OTHER than the source you want to trust. You may use these channels under different names, such as memory, which is a special type of output that serves as input at a later point in time.


It is useful and efficient to get trust from third parties, but not essential, imho. If you find yourself meeting someone for the first time in random circumstances, you can get to know them over time, and trust them, fully 2nd party-wise.

Trust comes from events of risk and reward, not from channels. It just so happens that the best expressions of risk and reward are over independent, therefore 3rd party, channels.


The distinguishing aspect between information and trust is this: "trust is that which is essential to a communication channel but cannot be transferred from a source to a destination using that channel".


Trust is an expression of something you may rely on. It has risks, liabilities, obligations, etc. Information does not (yet).


In other words, self-assertions cannot transfer trust. "Trust me" is, actually, a good indication not to trust.


Well. Actions speak louder than words. The *act* of a third party is to put their own reputation at risk if they say "trust this 2nd person." This works if the two people are independent, but not if the two people are dependent (or the same). If they are independent, the costs incur to one party and the benefits incur to another party.

So the independent cost of placing the reputation at risk is a significant event. You can rely on someone who will incur cost on your behalf. Saying "trust me" carries no risks because the benefits cancel out the risks.


We can use this recognition and memory in the online world as well.
SSH automatically recognizes previously used hosts. Programs such
as the Pet Names Tool <http://www.waterken.com/user/PetnameTool/>
recognize public keys used by web sites, and provide us with a
human-recognizable name so we can remember our previous
interactions with that web site. Once we can securely recognize a
site, we can form our own trust decisions, without the necessity of
involving third parties.

Yes, where recognition is the OTHER channel that tells you that the value (given in the original channel) is correct. Just the value by itself is not useful for communicating trust -- you also need something else (eg, a digital sig) to provide the OTHER channel of information.


Attempting to cast trust as an aspect of channels is a technological approach, and will lead one astray, just as PKI did; trust is built on acts, of humans, and involves parties and events, risks and rewards. The channels are incidental.

You can see this better in the study of negotiation. It is possible using this theory & practice to build trust, or to prove that no trust can be achieved. Negotiation is primarily a paradigm of two parties.

(Economists will recognise it as game theory, prisoner's dilemma, perhaps agent-principal theory, etc.)

Your comment that someone who says "trust me" is in fact signalling that they cannot be trusted ... is more clearly explained in negotiation. Often, someone will state up front that they want to find the win-win; which is a signal that they are in the win-lose, because real win-win is about actions not words, and words in this case would lead to a false sense of security.



iang
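
The recognition step discussed in the thread (SSH remembering previously used hosts, a petname tool giving a public key a human-recognizable name), as an added example that is not part of the original message and is not code from SSH or the Pet Names Tool. `PetnameStore`, its method names, the sample keys and the `.example` addresses are all constructed for illustration; the name a site asserts for itself never enters the decision.

```python
import hashlib

class PetnameStore:
    """Local memory of keys already seen (hypothetical helper, not the Petname Tool's code)."""

    def __init__(self):
        self._petname = {}    # key fingerprint -> name chosen by the user
        self._last_key = {}   # site address -> fingerprint pinned at first use

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def assign(self, site: str, public_key: bytes, petname: str) -> None:
        """Record the user's own name for a key after a first interaction."""
        fp = self.fingerprint(public_key)
        for other_fp, name in self._petname.items():
            if name == petname and other_fp != fp:
                raise ValueError("petname already refers to a different key")
        self._petname[fp] = petname
        self._last_key[site] = fp

    def recognize(self, site: str, public_key: bytes):
        """Classify a presented key using local memory only."""
        fp = self.fingerprint(public_key)
        if fp in self._petname:
            return ("known", self._petname[fp])      # same key as before
        if site in self._last_key:
            # Address seen before, but with a different key: warn, as SSH does.
            return ("changed", self._petname[self._last_key[site]])
        return ("stranger", None)                    # no memory of this key


def demo():
    # Constructed sample keys and addresses, for illustration only.
    key_a, key_b = b"constructed-public-key-A", b"constructed-public-key-B"
    store = PetnameStore()
    store.assign("bank.example", key_a, "my bank")
    return [
        store.recognize("bank.example", key_a),
        store.recognize("bank.example", key_b),
        store.recognize("shop.example", key_b),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```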

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
