>-----Original Message-----
>From: [email protected] [mailto:[email protected]]
>On Behalf Of Jon Callas
...
>
>On Jan 26, 2012, at 2:55 PM, Richard L. Barnes wrote:
>
>>>>> As security engineers, our role is to (a) reduce the number of
>>>>> entities we trust; (b) reduce the extent to which we trust the
>>>>> remaining trusted entities; and (c) determine the trustworthiness of
>>>>> trusted entities.
>>>>
>>>> Really?
>>>
>>> Yep.
>>
>> +1
>>
>> One of the better definitions I've heard. I would question whether (c) is even in scope; seems like a relying party function.
>
>We should run screaming from (c). Not only do there be dragons there,
>but there be dragons even in saying what "trustworthiness" means. Surely
>this is not a real-world reputation system.
>
> Jon

Yes! ... but, we can define "who we trust for what" ... who being a key, what being some Domain of Discourse with appropriate constraints. Trustworthiness as a probability or metric yields contradictory and nondeterministic evaluations.

Paul

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
