Trust


Misuse

The word "trust" has been misused for many years by overzealous advocates of PKI.  Much of this misuse can be traced to cryptography papers.

In cryptography papers, the word "trust" is used the way a mathematician uses the letter "X".  In those papers, "trust" is that thing you lose if the cryptography is broken.

It is popular, but of course improper, to read those papers and conclude that if you do the cryptography right in a commercial PKI, the subscribers to that PKI achieve trust, where "trust" is not defined and therefore means whatever the subscriber desires most.  This is a salesman's trick and in need of active correction.

Transitivity

Trust is not transitive.  If it were, then we could look at a ``Web of Trust'' among people, in which we draw a directed link from person A to person B only when person A trusts person B.  We could then compute the transitive closure of that graph, to see what set of people any one of us would trust.  There is a very good chance that this set would include the entire population of the Earth.

In a world in which each of us trusts everyone else, there is no need for security measures and we can turn our energies to other pursuits.  However, that's clearly not the case.
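To make the transitivity argument concrete, here is an added illustration (not code from the original page) that computes the transitive closure of a small constructed web of trust.  The people and the trust links are made up; each person has chosen to trust at most two others, yet under transitivity every one of them ends up trusting all eight.

```python
"""Transitive closure of a constructed ``web of trust''."""
from collections import deque

# Constructed sample data: "alice": {"bob", "carol"} means alice trusts bob
# and carol, and nobody else. Nobody trusts more than two people directly.
WEB_OF_TRUST = {
    "alice": {"bob", "carol"},
    "bob": {"dave"},
    "carol": {"erin"},
    "dave": {"frank"},
    "erin": {"grace"},
    "frank": {"heidi"},
    "grace": {"alice"},
    "heidi": {"alice"},
}


def direct_trust(graph, person):
    """The people `person` has actually chosen to trust; no propagation."""
    return set(graph.get(person, ()))


def transitive_trust(graph, person):
    """The people `person` would trust if trust were transitive.

    Breadth-first search from `person`: every node reachable along trust
    links is in the transitive closure of the trust relation. A person who
    sits on a cycle ends up in their own closure, which is harmless here.
    """
    reached = set()
    queue = deque(graph.get(person, ()))
    while queue:
        other = queue.popleft()
        if other in reached:
            continue
        reached.add(other)
        queue.extend(graph.get(other, ()))
    return reached


if __name__ == "__main__":
    for who in WEB_OF_TRUST:
        print(f"{who}: trusts {len(direct_trust(WEB_OF_TRUST, who))} directly, "
              f"{len(transitive_trust(WEB_OF_TRUST, who))} transitively")
```

The point the numbers make: the direct trust relation is sparse (one or two links per person), but its closure is the whole population.  A real web of trust is far larger and far better connected than this toy graph, so the closure is, if anything, more complete.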

Qualification

US currency says ``In God We Trust''.  A cliché sign to be found in various shops reads, ``In God we trust, all others pay cash.''

However, it is possible for each of us to trust some other person, for a particular purpose.  I knew a woman once who was a good friend and shared many of her secrets with me.  I learned to trust her, through these conversations.  I was talking with her husband once and happened to ask him whether it bothered him that she and I spent so much time together.  He replied that it didn't because he trusted her.  So, we both trusted her.  Some of the secrets she told me were about all the affairs she was having with men in the office, so my trust in her obviously did not equal her husband's trust in her.

Even if trust were transitive, it would make no sense to propagate trust across a difference in purposes.   In particular, it makes no sense to claim that if I trust A to do a good job with cryptography, carefully documenting its methods of verifying claims of identity, and A issues a certificate to B, then I should trust B to sign contracts or electronic checks.

Authorization as an alternative to trust

Rather than try to pin down the term ``trust'', SPKI avoids it and deals instead with authorization.  An SPKI/SDSI credential grants some particular power.  The subject keyholder gets that power whether or not that keyholder can be trusted for any function whatsoever.

Returning to the electronic check example: if bank A issues an SPKI certificate to keyholder B with the authorization to sign electronic checks on account X in that bank, then I should accept electronic checks signed by B drawn on account X, but of course not those signed by B drawn on some other account.  I do this not because I trust B in any way, but because I will have an understanding (or even a formal contract) in place with A to the effect that if I present an electronic check signed by a key certified by that bank, then that bank will transfer the appropriate funds to me.  It is the transfer of funds that I care about, not whether keyholder B can be trusted and especially not what keyholder B's name is.
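The following is an added worked example of the check-acceptance decision just described (and of the purpose qualification from the previous section); it is not SPKI code and not from the original page.  The bank, accounts, keyholders and certificate fields are constructed for illustration.  Real SPKI/SDSI certificates are signed S-expressions verified with public-key signatures; here a keyed hash (HMAC) stands in for the signature, with verifiers looking up the signing secret by key fingerprint, so the example runs with only the standard library.  Every decision the payee makes is a question about a certificate and a signature, never about whether keyholder B is ``trusted'' or what B's name is.

```python
"""Accept an electronic check on the strength of a certificate, not trust."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Assumption: stand-in for public-key signatures. A real verifier would hold
# the bank's public key; here HMAC signs and verifiers look the secret up by
# fingerprint. Swap in a real signature scheme (e.g. Ed25519) for real use.
_KEYS: dict = {}


class Key:
    """Signing key; `public` is the fingerprint a certificate refers to."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self.public = hashlib.sha256(self._secret).hexdigest()[:16]
        _KEYS[self.public] = self._secret

    def sign(self, payload: dict) -> str:
        msg = json.dumps(payload, sort_keys=True).encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()


def verify(public: str, payload: dict, signature: str) -> bool:
    secret = _KEYS.get(public)
    if secret is None:
        return False
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.compare_digest(hmac.new(secret, msg, hashlib.sha256).hexdigest(), signature)


@dataclass(frozen=True)
class Certificate:
    issuer: str     # fingerprint of the issuing key (the bank)
    subject: str    # fingerprint of the keyholder granted the power
    tag: dict       # the power granted, e.g. {"purpose": "sign-check", "account": "X"}
    signature: str  # issuer's signature over issuer, subject and tag


def issue(issuer: Key, subject: Key, tag: dict) -> Certificate:
    body = {"issuer": issuer.public, "subject": subject.public, "tag": tag}
    return Certificate(issuer.public, subject.public, tag, issuer.sign(body))


@dataclass(frozen=True)
class Check:
    account: str
    amount: int
    payee: str
    signature: str  # signed by the keyholder drawing on the account


def write_check(signer: Key, account: str, amount: int, payee: str) -> Check:
    body = {"account": account, "amount": amount, "payee": payee}
    return Check(account, amount, payee, signer.sign(body))


def accept_check(check: Check, cert: Certificate, bank_public: str):
    """Decide whether to accept `check`; returns (accepted, reason).

    `bank_public` is the key of the bank I have a funds-transfer agreement
    with. No step asks who the keyholder is or whether they are trustworthy;
    each asks only what the certificate says and who signed what.
    """
    if cert.issuer != bank_public:
        return False, "not issued by the bank I have an agreement with"
    body = {"issuer": cert.issuer, "subject": cert.subject, "tag": cert.tag}
    if not verify(cert.issuer, body, cert.signature):
        return False, "certificate signature invalid"
    if cert.tag.get("purpose") != "sign-check":
        return False, "certificate grants some other power, not check signing"
    if cert.tag.get("account") != check.account:
        return False, "check drawn on an account the certificate does not cover"
    body = {"account": check.account, "amount": check.amount, "payee": check.payee}
    if not verify(cert.subject, body, check.signature):
        return False, "check not signed by the certified key"
    return True, "accept: the bank will transfer the funds under our agreement"


def demo() -> dict:
    """Constructed scenario: bank A certifies keyholder B for account X."""
    bank_a, other_bank, b, intruder = Key(), Key(), Key(), Key()
    on_x = issue(bank_a, b, {"purpose": "sign-check", "account": "X"})
    ident = issue(bank_a, b, {"purpose": "identity", "name": "B. Keyholder"})
    foreign = issue(other_bank, b, {"purpose": "sign-check", "account": "X"})
    return {
        "good": accept_check(write_check(b, "X", 100, "me"), on_x, bank_a.public)[0],
        "other_account": accept_check(write_check(b, "Y", 100, "me"), on_x, bank_a.public)[0],
        "identity_cert": accept_check(write_check(b, "X", 100, "me"), ident, bank_a.public)[0],
        "unknown_issuer": accept_check(write_check(b, "X", 100, "me"), foreign, bank_a.public)[0],
        "wrong_signer": accept_check(write_check(intruder, "X", 100, "me"), on_x, bank_a.public)[0],
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'refused'}")
```

Only the first case is accepted.  The ``identity_cert'' case is the purpose qualification from the previous section: a certificate from the same bank that vouches for B's name grants no power to draw on account X, so a name, however well attested, is never what the payee checks.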



Carl Ellison; cme@acm.org