RE: Global PKI on DNS?

There appears to be two main points of contention about PKI on DNS.  Using
the dollar analogy

1. Uniqueness
        How does Jon know that the dollar Jon received from Mike is a
dollar?

        A dollar has specifications that tell you it's a dollar (type of
paper, ink, micro printing, etc)

        Each dollar has a unique serial number. If you find two dollars with
the same serial number, then you know that one of them is not a real dollar.
They key is in the storage of that information.  There must be a place(s)
(Federal Reserve) where there is a record of who the dollar was issued to.

2. Ownership
        How does Jon know that the dollar he received from Mike was Mike's?

        Uniqueness by itself does not imply ownership.

From: Einar Stefferud [mailto:stef(_at_)nma(_dot_)com]
Sent: Tuesday, June 18, 2002 7:45 PM
To: ietf
Subject: Re: Global PKI on DNS?

None of this, whether the dollar was stolen or not, has any impact on
the trustworthiness of the original dollar, as it is a bearer note,
and a dollar stolen is a dollar earned in some quarters.

Just like car manufacturers consider a car stolen to be a car sold,
unless it was stolen from the manufacturer.

We trust the intrinsic appearance of the dollar bill.

Or the pink slip for car ownership, but do not trust the car without
its pink slip.

Now, if I give you a check, and you give my check, made out to you,
endorsed to someone else, the recipient, if she accepts it is relying
on the transitivity of trust, whether such reliance is reliably
transitive or not.  Most people in the US will not accept such
checks, but in some countries, such checks circulate for a long time
and some are never cashed.

The real underlying issue here is reliance, and as Ed has pointed
out, reliance depends on more than the bearer saying "Trust Me!"
which is a single channel of communication.  In the case of a dollar,
it depends on the perceived ability to find a greater fool to accept
it at face value,
as in the act of buying or selling common stock shares.

This is why "Trust Me!" is generally considered a joke and why most
people laugh at it, whether they understand the formal logic of the
humor or not.

But it is clear that trust is not some simple property of objects!
It is much more complex and depends on subjective evaluations of its
value, gennerally incorporating many bits of information from
multiple channels.

Cheers...\Stef

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Global PKI on DNS?, (continued) Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, Keith Moore Re: Global PKI on DNS?, Robert Elz Re: Global PKI on DNS?, Michael Richardson RE: Global PKI on DNS?, Ari Ollikainen RE: Global PKI on DNS?, Stephen Kent Re: Global PKI on DNS?, John Stracke Re: Global PKI on DNS?, Stephen Kent RE: Global PKI on DNS?, Mike Burns <= RE: Global PKI on DNS?, Einar Stefferud Re: Global PKI on DNS?, Keith Moore RE: Global PKI on DNS?, John Stracke Re: Global PKI on DNS?, Einar Stefferud