Can we copy trust?

Ed Gerck edgerck at nma.com
Mon Jun 2 21:24:49 EDT 2008 

Bill Frantz wrote:
> edgerck at nma.com (Ed Gerck) on Monday, June 2, 2008 wrote:
> 
>> To trust something, you need to receive information from sources OTHER 
>> than the source you want to trust, and from as many other sources as 
>> necessary according to the extent of the trust you want. With more trust 
>> extent, you are more likely to need more independent sources of 
>> verification.
> 
> In my real-world experience, this way of gaining trust is only
> really used for strangers. For people we know, recognition and
> memory are more compelling ways of trusting.

Recognition = a channel of information
memory = a channel of information

When you look at trust in various contexts, you will still find the 
need to receive information from sources OTHER than the source you 
want to trust. You may use these channels under different names, such 
as memory which is a special type of output that serves as input at a 
later point in time.

The distinguishing aspect between information and trust is this: 
"trust is that which is essential to a communication channel but 
cannot be transferred from a source to a destination using that 
channel". In other words, self-assertions cannot transfer trust. 
"Trust me" is, actually, a good indication not to trust.

> We can use this recognition and memory in the online world as well.
> SSH automatically recognizes previously used hosts. Programs such
> as the Pet Names Tool <http://www.waterken.com/user/PetnameTool/>
> recognize public keys used by web sites, and provide us with a
> human-recognizable name so we can remember our previous
> interactions with that web site. Once we can securely recognize a
> site, we can form our own trust decisions, without the necessity of
> involving third parties.

Yes, where recognition is the OTHER channel that tells you that the 
value (given in the original channel) is correct. Just the value by 
itself is not useful for communicating trust -- you also need 
something else (eg, a digital sig) to provide the OTHER channel of 
information.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list