ietf

Re: Global PKI on DNS?

2002-06-17 09:09:36
At 8:30 AM -0700 6/17/02, Ed Gerck wrote:
Stephen Kent wrote:

 I feel that the term "trust" is appropriately applied to certs when
 the CA is not authoritative for the attributes in the cert, but is
 not appropriate when the CA is authoritative.

Trust is oftentimes used as a synonym for authorization. This is fine if
you have a network, where a trusted user is a user authorized by the
sysadmin to do or be something. However, the concept of trust as we
have developed and learned to use it for thousands of years in commerce
and human communication (like an internet, a network of networks)
is much more complex than authorization. Thus, when we replace trust
with authorization we lose representation capacity -- we flatten out, so
to say, the descriptive capacity of our language.

I agree that the two concepts should be kept distinct, and that's why I try to use "trust" to describe CA relationships where authorization is absent. In the DNS, and in many other cases, CAs are authorized and thus need not be "trusted" in the traditional sense.

As authorization, trust can be transitive. Money is an authorization
for payment and it is surely transitive. However, if trust is taken as
representing the usual concept of trust, then it cannot be considered
transitive. For example, if I trust my brother this does not mean that I
must trust my brother's friends. We cannot grant it to be associative,
either. Let me exemplify.

We agree.

<snip>

These problems eventually invalidate any PKI scheme which grows beyond
a certain "critical radius". And, it also casts serious doubts on the
validity of delegation and authorization chains if such aspects of trust
are not taken into account. As they are not, in PKI and in the DNS.

I don't understand your assertion in this last sentence.

Steve


