ietf

Re: Global PKI on DNS?

2002-06-14 09:30:36
Thank you, Steve, for clarifying your simple little error and correcting the record on what I did or did not say. I admit that the error was small in commission but you must admit that it was huge in effect, so it is good for you to have corrected the record.

I will assume that it was not intentional.

Now, all I did was ask you to offer proof that trust is ever transitive, as a separate sub-question of the general debate, because in my view, this question is central to the reasons for bothering to discuss the rest of this thread.

In short, if trust cannot be proved to be transitive, like DNS zone control delegation is transitive, then there is no reason to continue with PKI designs that ASSUME TRUST IS TRANSITIVE.

So, this (Trust Transitivity possibility or impossibility) is:

1. not an unreasonable question; and

2. not yet answered; and

3. still the same central question that it always was and is; and

4. still critical to the entire outcome of this whole discussion thread.

In other words, it is the critical meta question that needs to be answered by someone who can offer proof of their conclusion.

So, I take your refusal to consider that it is an important question to mean that you do not care if it is a central question, and that you do not have an answer of any kind, including the possibility that the answer is that "Trust is never transitive".

This completely sums up my issue of trust transitivity, and with this observation, I have completed my participation in this aspect of this discussion thread.

As long as you (or someone else) cannot or will not answer this trust transitivity question, as simply stated as it is, I have nothing more to add.

So, now, the podium is yours to do with as you wish.

My conclusion is that you cannot and will not prove that trust is transitive.

I doubt that anyone can because I believe it to already be proven that

                                "TRUST IS NOT TRANSITIVE",

So further argument on this point only has to do with your position of not wanting to, or your being unable to --- ANSWER THE QUESTION.

Over and Out;-)...\Stef





At 2:54 PM -0700 6/13/02, Einar Stefferud wrote:
At 2:15 PM -0400 6/13/02, Stephen Kent wrote:

[snip]... [snip]... [snip]... [snip]... [snip]... [snip]... [snip]... [snip]...

You are the one who keeps saying that trust is transitive. I'm the one saying that it's not, and that a DNS-based PKI does not imply transitive trust.

<rest of message deleted, since it didn't say anything new, constructive, or generally relevant to the topic ...

Steve

I am simply astounded. Where in my texts have I said that trust is ever transitive?

I asked for an explanation of why some in this list think trust is transitive. And I cited the only instance I can think of where it might be transitive by mutual agreement between a SPY and her handler! But this is not to be construed as my "saying that trust is transitive."

If you can find the message and the text where I state that trust is transitive, please return the message to me so I can compare it with the copy of it that I kept in my outgoing mail folder.

For clarity, I will now more simply restate my QUESTION:

Explain for me (and others here) how trust is ever transitive!

That is what I am really driving at.  I don't think you can prove it.

Stef,

I should have said that you are the one who keeps focusing on the question of whether trust is transitive, not that you said it was transitive.

You keep trying to cast this as a debate about the transitivity of trust, and I keep saying that it is not.

I made a slight typo in my message, as you cited above.

You keep ignoring what I have said about the irrelevance of trust in a PKI where CAs are authoritative for the data they bind into certs.

As Tina Turner would have said, "What's trust got to do with it?"

Steve


