[cryptography] Request - PKI/CA History Lesson - the definition of trust

pjklauser at gmail.com pjklauser at gmail.com
Sat May 3 04:22:11 EDT 2014


Since we're on the subject of X509 history, I found Dr. Ed Gerck's
"Definition of Trust" at [1] very helpful in really figuring out what
"trust" can mean. This work was done fairly early on the X509 timeline.

Frankly, if we could "trust" in DNS, we would not need to "trust" in
web-PKIX [2] - since the one is just the bandaid for the other. Therefore I
support any alternative DNS mechanisms (Namecoin?) which could eventually
make it into the mainstream.

quoting Gerck..."
The provided trust definition leads to several consequences...

1) "trust depends on the observer" -- or, "there is no absolute trust". What
you may know can differ from what I may know.

2) "trust only exists as self-trust". This means that only self-trust has
zero information content, so trust on others always have information content
(surprises or, unexpected behavior, either good or bad).

3) "two different observers cannot equally trust any received information".
Direct consequence of (1) and (2).

4) "a self-declaration cannot convey trust to another entity when using one
and the same communication channel". Direct consequence of the abstract
definition.
"

[1] http://mcwg.org/mcg-mirror/trustdef.htm 
[2] http://pjklauser.wordpress.com/2013/12/03/pkix-for-webserver-ssl-certificates-will-eventually-die/
