RE: Webs of Trust vs Trees of Trust

["Pat Farrell" <pfarrell@cs.gmu.edu>]

In  norm@netcom.com (Norman Hardy) writes:
>This is much ingrained in all of the legally mandated security
>systems that I am aware of. It assumes, at first glance, that there
>is a root, an inner sanctum, which is totally trusted by all.
>
>It is a pervasive mind-set in military security.

While I can't claim to understand the military mind set, I can believe
that it is pervasive. It is also at best simplistic. Under the "new world
order" we must forge aliances according the the needs of the situation,
so that the trusted aliance's members vary over time. Economic aliances
have similar dynamics, with trust and allegiance changing.

The government's view seems to be that trust is transitive. I believe
that it can't be, because the world is not a simplistic heirarchy that
starts with Billery and flows down.

The tree of trust also ignores international exchanges, as Billery's
signature means far less to an European than to a US citizen. There was a
recent article about a ring of college students in Texas selling forged
driver's licenses. They used Montana and Idaho as samples, with the
expectation that a bouncer in a Texas bar wouldn't know a real Idaho license
if he saw one. Seems like the value of a US-based signature would be lowered
in Sydney or Delhi in a similar manner.

More importantly, I expect that digital signatures will be used for
commercial transactions accross the net. This means that there is money
involved, and with a tree of trust, the higher level trees are _worth_
bribing, forging, and perhaps killing for. Once a high level node is
compromised, all lower nodes are worthless.

This is why we need a serious education effort for the "decision makers" in
the government.

Pat

Pat Farrell      Grad Student                 pfarrell@cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key availble via finger          #include <standard.disclaimer>