On Jan 26, 2012, at 2:55 PM, Richard L. Barnes wrote:
>>>> As security engineers, our role is to (a) reduce the number of
>>>> entities we trust; (b) reduce the extent to which we trust the
>>>> remaining trusted entities; and (c) determine the trustworthiness of
>>>> trusted entities.
>>>
>>> Really?
>>
>> Yep.
>
> +1
>
> One of the better definitions I've heard. I would question whether (c) is
> even in scope; seems like a relying party function.

We should run screaming from (c). Not only do there be dragons there, but there
be dragons even in saying what "trustworthiness" means. Surely this is not a
real-world reputation system.

Jon
_______________________________________________
therightkey mailing list
https://www.ietf.org/mailman/listinfo/therightkey