[cryptography] Request - PKI/CA History Lesson

Jeffrey Walton noloader at gmail.com
Fri May 2 01:55:27 EDT 2014


> For me the sentence, “I had little choice but to trust X” is perfectly
> coherent.
>
> Is it possible that you are letting your righteous anger at what
> browser vendors have done interfere with how you are defining “trust”?

That's the question with the elusive answer: how do you define trust.
One of the better answers I have seen: X trust Y to do Z.

Plug in PKI: Users trust CAs to abide by their CP and CPS. (Now policy
(CP) and procedures (CPS) need to be accepted).

Nonsensical counter example: Trustwave did not follow their CP, but
they are still trusted. Does not compute...

Jeff

On Fri, May 2, 2014 at 1:41 AM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
>
> On 2014-05-01, at 8:49 PM, ianG <iang at iang.org> wrote:
>
>> On 1/05/2014 02:54 am, Jeffrey Goldberg wrote:
>>> On 2014-04-30, at 6:36 AM, ianG <iang at iang.org> wrote:
>
>>> OK. So let me back peddle on “Ann trusts her browser to maintain a list of
>>> trustworthy CAs” and replace that with “Ann trusts her browser to do
>>> the right thing”.
>>
>> Right, with that caveat about choice.
>
> I think that we are in fierce agreement. At first
> I didn’t understand the significance of your insistence
> on *choice*, but I see it now. More below.
>
>>>> In this context, we would claim that users b-trust because they know
>>>> they can switch.  With browsers they cannot switch.
>>>
>>> Their choice is to transmit private information using their browsers.
>>> Their choice is to not participate in e-commerce.
>
>> Right, there is always in economics some form of substitute.  But
>> actually we've probably moved beyond that as a society.
>
>> I would say that e-commerce is utility grade now, so it isn't a
>> choice you can really call a choice in competition terms.
>
> I agree that the behavior in b-trust must be about “choice behavior”
> in that Ann behaves one way instead of another.
>
> But I don’t think that we should have some minimal threshold of choice
> before can call the behavior b-trust. As long as there is some
> non-zero amount of choice the behavior (in these cases) will exhibit
> a non-zero amount of trust.
>
> For me the sentence, “I had little choice but to trust X” is perfectly
> coherent.
>
> Is it possible that you are letting your righteous anger at what
> browser vendors have done interfere with how you are defining “trust”?
>
>>> All I’m asking is that we consider the people we are asking to
>>> “b-trust” the system. Can we build a system that is b-trustworthy
>>> for the mass of individuals who are not going to make c-trust
>>> judgements.
>>
>>
>> Right, this is the question, how do we do that?
>>
>> That is what Certificate Transparency and Perspectives seek to do, as
>> well as other thoughts.  First they make the c-trust available by
>> setting up alternate groups and paths. Then the c-trusters develop their
>> followings of b-trusters.
>
> I agree with that last bit. In a sense, if people see that experts trust
> the system they will too. But how will this play out with Certificate
> Transparency for most users? What do they actually need to know and do
> to follow some c-trusters?
>
>> There likely needs to be a group of c-trusters in the middle
>> that mediate the trust of the b-trusters.
>
> And how will that work without putting unrealistic expectations on
> the vast major of users. How do they pick which c-trusters to trust?
>
>>> I think that we have a higher chance of success if we use a language that
>>> can talk about agents who do not have a deep or accurate understanding of
>>> why a system is supposed to work. And so, I think that, with some refinement,
>>> my notion of b-trust is worthwhile.
>>
>>
>> Yes it could be.  It might not be applicable to web-PKI because the
>> vendors confuse X "do the right thing by users" with X' "maintain a good
>> CA list.”
>
> I’m confused. (Perhaps by the vendors?)


More information about the cryptography mailing list