[Moderator's note: Please do not top post. --Perry]
I am thinking that trust is a relationship. "A trusts B". So if you
start with "A trusts B" and you do some operation that results in "C
trusts B" then you have not copied anything because "A trusts B" is
not equal to "C trusts B". You can't call that operation a "copy".
I can't think of any scenario where it even makes sense to talk about
copying trust. The closest thing I can think of would be a document,
or record in a database, or a certificate, or similar thing that
reminds me that "I trust X". That is consistent with Bill Frantz's
comment on memory. (hi Bill) I can copy the reminder, but that
doesn't copy the trust. The trust exists, it seems to me, with or
without the reminder (even if I have temporarily forgotten about it).
Kind regards,
-Bill
On Jun 2, 2008, at 6:24 PM, Ed Gerck wrote:
Bill Frantz wrote:
[EMAIL PROTECTED] (Ed Gerck) on Monday, June 2, 2008 wrote:
To trust something, you need to receive information from sources
OTHER than the source you want to trust, and from as many other
sources as necessary according to the extent of the trust you
want. With more trust extent, you are more likely to need more
independent sources of verification.
In my real-world experience, this way of gaining trust is only
really used for strangers. For people we know, recognition and
memory are more compelling ways of trusting.
Recognition = a channel of information
memory = a channel of information
When you look at trust in various contexts, you will still find the
need to receive information from sources OTHER than the source you
want to trust. You may use these channels under different names,
such as memory which is a special type of output that serves as
input at a later point in time.
The distinguishing aspect between information and trust is this:
"trust is that which is essential to a communication channel but
cannot be transferred from a source to a destination using that
channel". In other words, self-assertions cannot transfer trust.
"Trust me" is, actually, a good indication not to trust.
We can use this recognition and memory in the online world as well.
SSH automatically recognizes previously used hosts. Programs such
as the Pet Names Tool <http://www.waterken.com/user/PetnameTool/>
recognize public keys used by web sites, and provide us with a
human-recognizable name so we can remember our previous
interactions with that web site. Once we can securely recognize a
site, we can form our own trust decisions, without the necessity of
involving third parties.
Yes, where recognition is the OTHER channel that tells you that the
value (given in the original channel) is correct. Just the value by
itself is not useful for communicating trust -- you also need
something else (eg, a digital sig) to provide the OTHER channel of
information.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]