ietf-asrg

Re: [Asrg] Trust, misunderstood?

2003-07-02 14:02:59
Danny,

Other than providing a means for parties to accept "trusting" senders, this is exactly what I implemented. I assumed that OOB was used to validate the trust. I didn't use PGP but felt CAs were the better way to go (personal belief).

Chuck Wegrzyn


Danny Angus wrote:

Hi all,

There's been some talk about trust systems recently, I think I instigated
some of it, and I feel that a number of comments have been made which kind
of miss the point about trust. I'd like to outline my take on trust and why
I believe trust should be considered by this group.

First off trust isn't an absolute. Realistically I can only trust people I
know, and even then I could misjudge them. To rely on another person's
judgement is more risky still. It is also all wrong to think of trust as YES
or NO, there are degrees of trust, some people we'd trust with our lives,
others with our car keys, yet more with our phone numbers. We don't say YES
or NO to the phone number guys, we say "I trust you just enough not to abuse
this information"

Secondly, in existing trust mechanisms it is possible, but not widely used,
for end users to make decisions about which trust issuers they will trust,
and whose judgement they will accept in assessing an unknown third party.

For example, it is possible to score PGP keys according to who I trust and
why, my immediate circle get full marks, those known to them will be assumed
to have a high degree of trustworthiness, and so on. When I encounter a
third party I can make a judgement according to how many of the people I
trust, and how much I trust them, have signed the certificate.

Likewise revocation could have a detrimental effect if a close associate of
mine has revoked their trust, less effect if I don't trust the revoker.

SSL certificates can be revoked if client software actually bothers to check
revocation lists.

Now Email:

Forming a judgement about whether or not to trust, and to what extent, an
unknown sending MTA is about much more than checking a certificate.
Of course a signed certificate, signed by someone I trust, can influence my
decision, likewise I can consider RBLs and other blacklists, reverse DNS
etc, etc. I could attempt to relay mail through a suspect host myself if I'm
suspicious.

So what I propose for the basis of a trust system would be for a mechanism
by which SMTP can temporarily block a transaction in order for the recipient
to carry out checks and create a trust score for the sending MTA.

If this mechanism provides for the optional exchange of certificates these
can be included in the calculation.

My Trust system would allow mail admins to set rules and thresholds for
trust, allowing admins to raise and lower the barrier of trust which could
be crossed *automatically* by well behaved hosts. Other hosts could be
rejected out of hand or sin-binned until a more thorough check is carried
out.

I could offer my scores to my friends. Who, if they trust my judgement,
could use this to help in making their judgement.

The commercial madness which is the "installed root CA certificates" of the
browsers is idiotic, I have no reason at all to trust VeriSign or Thawte, who
are those guys?!? But if my (they are respectable!) ISP had signed a
certificate, or offered me their trust rating for a host I'd be much more
likely to trust that host a bit.

Unfortunately I'm going away for a week so I won't be able to respond to
anyone's comments (or flames!) 'till I get back.

d.


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
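
The scoring proposed in the quoted message, as an added sketch that is not part of either message and not Chuck's implementation: signers and revokers count in proportion to the recipient's trust in them, a friend's offered score is discounted by trust in that friend, and admin-set thresholds choose accept, sin-bin or reject. All names, weights, thresholds and the noisy-OR combination rule are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from math import prod

# How much I trust each introducer's judgement, 0.0 to 1.0 (constructed values).
MY_TRUST = {"alice": 1.0, "my-isp": 0.7, "bob": 0.4, "stranger-ca": 0.0}

@dataclass
class Evidence:
    """What the recipient gathered about one sending MTA while the
    transaction was held (hypothetical structure)."""
    signers: list = field(default_factory=list)        # who signed its certificate
    revokers: list = field(default_factory=list)       # who revoked their trust
    friend_scores: dict = field(default_factory=dict)  # friend -> score they offer
    blacklisted: bool = False
    reverse_dns_ok: bool = True

def trust_score(ev, my_trust=MY_TRUST):
    """Return a score in [0, 1]: a degree of trust, not YES or NO."""
    # Each signer counts in proportion to my trust in them (noisy-OR), so several
    # partly trusted signers add up and unknown signers add nothing.
    score = 1 - prod(1 - my_trust.get(s, 0.0) for s in ev.signers)
    # A friend's offered score is discounted by my trust in that friend.
    for friend, offered in ev.friend_scores.items():
        score = max(score, my_trust.get(friend, 0.0) * offered)
    # A revocation hurts in proportion to my trust in the revoker.
    score *= prod(1 - my_trust.get(r, 0.0) for r in ev.revokers)
    # Non-certificate checks; the penalty factors are assumptions.
    if ev.blacklisted:
        score *= 0.25
    if not ev.reverse_dns_ok:
        score *= 0.8
    return round(score, 3)

def decide(score, accept_at=0.6, reject_below=0.2):
    """Admin-set thresholds: accept automatically, reject, or sin-bin."""
    if score >= accept_at:
        return "accept"
    return "reject" if score < reject_below else "sin-bin"
```

Raising `accept_at` raises the barrier a host must cross automatically; a host landing in the sin-bin is the case the message reserves for a more thorough check.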






