IanG wrote:
Ed Gerck wrote:
When you look at trust in various contexts, you will still find the
need to receive information from sources OTHER than the source you
want to trust. You may use these channels under different names, such
as memory which is a special type of output that serves as input at a
later point in time.
It is useful and efficient to get trust from third parties, but not
essential, imho. If you find yourself meeting someone for the first
time in random circumstances, you can get to know them over time, and
trust them, fully 2nd party-wise.
Yes, and the OTHER channels needed for trust are exactly those
time-defined channels that you set up as you "get to know them over
time". Each interaction, each phrase, each email exchanged is another
channel.
Still, you can be talking to "Doris" in a p2p interaction over months
and never realize it's actually Boris. This can happen in personal
meetings as well, not just online.
The point being that (1) you need those other channels and can
recognize them even if you are just in a p2p interaction; and (2) be
careful because whatever channels you have, they will only span a
certain, limited extent in the interaction that you want to trust, so
your reliance space must be contained within that extent.
Attempting to cast trust as a aspect of channels is a technological
approach, and will lead one astray, just as PKI did; trust is built on
acts, of humans, and involves parties and events, risks and rewards.
The channels are incidental.
Shannon's information theory is a general approach that, even though
it has limitations as any other model, has allowed researchers to
deal with both social and technical aspects of trust.
The important point, contrary to what PKI did, is to base the
technical definition of trust on the social mediation of trust that we
have learned over thousands of years.
Thus, when we look at linguistics and other areas where we find
expressions of social experience and communication in a culture, we
see that the unique, defining aspect of trust is that trust on
something or someone needs /OTHER/ channels of information (where
memory is also a channel) than the information channel we want to trust.
This social-linguistic observation transfers directly to the
definition we can use with information theory for the technical aspect
of trust, allowing the /same/ model of trust to be used in both
worlds, as:
"trust is that which is essential to a communication channel but
cannot be transferred from a source to a destination using that channel".
From this abstract definition, you can instantiate a definition that
applies to any desired context that you want -- social and/or
technical -- while assuring that they all have the same model of
trust. Examples are provided at the top of
http://mcwg.org/mcg-mirror/trustdef.htm
As usual, information is defined as: "information is that which is
transferred from a source to a destination". If the same information
is already present at the destination, there is no transfer. That's
why information is surprise; there's no surprise if the information
already exists at the destination.
You can see this better in the study of negotiation. It is possible
using this theory&practice to build trust, or to prove that no trust can
be achieved. Negotiation is primarily a paradigm of two parties.
You can use different models. I believe that trust is a more
fundamental model than negotiation, as we can have trust without
negotiation.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
