Can we copy trust?

Ed Gerck edgerck at nma.com
Tue Jun 3 12:30:30 EDT 2008 

IanG wrote:
> Ed Gerck wrote:
>> When you look at trust in various contexts, you will still find the 
>> need to receive information from sources OTHER than the source you 
>> want to trust. You may use these channels under different names, such 
>> as memory which is a special type of output that serves as input at a 
>> later point in time.
> 
> 
> It is useful and efficient to get trust from third parties, but not 
> essential, imho.  If you find yourself meeting someone for the first 
> time in random circumstances, you can get to know them over time, and 
> trust them, fully 2nd party-wise.

Yes, and the OTHER channels needed for trust are exactly those 
time-defined channels that you set up as you "get to know them over 
time". Each interaction, each phrase, each email exchanged is another 
channel.

Still, you can be talking to "Doris" in a p2p interaction over months 
and never realize it's actually Boris. This can happen in personal 
meetings as well, not just online.

The point being that (1) you need those other channels and can 
recognize them even if you are just in a p2p interaction; and (2) be 
careful because whatever channels you have, they will only span a 
certain, limited extent in the interaction that you want to trust, so 
your reliance space must be contained within that extent.

> Attempting to cast trust as a aspect of channels is a technological 
> approach, and will lead one astray, just as PKI did;  trust is built on 
> acts, of humans, and involves parties and events, risks and rewards.  
> The channels are incidental.

Shannon's information theory is a general approach that, even though 
it has  limitations as any other model, has allowed researchers to 
deal with both social and technical aspects of trust.

The important point, contrary to what PKI did, is to base the 
technical definition of trust on the social mediation of trust that we 
have learned over thousands of years.

Thus, when we look at linguistics and other areas where we find 
expressions of social experience and communication in a culture, we 
see that the unique, defining aspect of trust is that trust on 
something or someone needs /OTHER/ channels of information (where 
memory is also a channel) than the information channel we want to trust.

This social-linguistic observation transfers directly to the 
definition we can use with information theory for the technical aspect 
of trust, allowing the /same/ model of trust to be used in both 
worlds, as:

"trust is that which is essential to a communication channel but 
cannot be transferred from a source to a destination using that channel".

 From this abstract definition, you can instantiate a definition that 
applies to any desired context that you want -- social and/or 
technical -- while assuring that they all have the same model of 
trust. Examples are provided at the top of 
http://mcwg.org/mcg-mirror/trustdef.htm

As usual, information is defined as: "information is that which is 
transferred from a source to a destination". If the same information 
is already present at the destination, there is no transfer. That's 
why information is surprise; there's no surprise if the information 
already exists at the destination.

> You can see this better in the study of negotiation.  It is possible 
> using this theory&practice to build trust, or to prove that no trust can 
> be achieved.  Negotiation is primarily a paradigm of two parties.

You can use different models. I believe that trust is a more 
fundamental model than negotiation, as we can have trust without 
negotiation.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list