[125181] in cryptography@c2.net mail archive
Re: Can we copy trust?
daemon@ATHENA.MIT.EDU (Ed Gerck)
Tue Jun 3 11:27:09 2008
Date: Mon, 02 Jun 2008 23:53:44 -0700
From: Ed Gerck <edgerck@nma.com>
To: Bill Soley <william.soley@sun.com>
CC: Bill Frantz <frantz@pwpconsult.com>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <70FB750E-7D7B-4DD8-9FA5-9E6272B8F71B@sun.com>
Bill Soley wrote:
> I am thinking that trust is a relationship. "A trusts B". So if you
> start with "A trusts B" and you do some operation that results in "C
> trusts B" then you have not copied anything because "A trusts B" is not
> equal to "C trusts B". You can't call that operation a "copy".
Trust is indeed expressed by relationships. And those relationships
can be transmitted with proper consideration -- just not in your
example. In the case of SSL certs, a simple file copy is enough.
Cheers,
Ed Gerck
Addendum:
Did you have a chance yet to read Kelly's paper? In that paper, he is
looking for stuff that can't be copied -- because he hopes that such
stuff is scarce and valuable. "When copies are free, you need to sell
things which can not be copied."
Kelly says that we can't copy trust. So, if I have 100 servers for the
domain example.com does this mean that I have to buy 100 trusted SSL
certs from the CA? Or, is any copy of the SSL cert as trustworthy as
the original?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
