In norm@netcom.com (Norman Hardy) writes:
This is much ingrained in all of the legally mandated security systems that I am aware of. It assumes, at first glance, that there is a root, an inner sanctum, which is totally trusted by all.
It is a pervasive mind-set in military security.
While I can't claim to understand the military mind set, I can believe that it is pervasive. It is also at best simplistic. Under the "new world order" we must forge alliances according to the needs of the situation, so that the trusted alliance's members vary over time. Economic alliances have similar dynamics, with trust and allegiance changing.

The government's view seems to be that trust is transitive. I believe that it can't be, because the world is not a simplistic hierarchy that starts with Billery and flows down. The tree of trust also ignores international exchanges, as Billery's signature means far less to a European than to a US citizen.

There was a recent article about a ring of college students in Texas selling forged driver's licenses. They used Montana and Idaho as samples, with the expectation that a bouncer in a Texas bar wouldn't know a real Idaho license if he saw one. Seems like the value of a US-based signature would be lowered in Sydney or Delhi in a similar manner.

More importantly, I expect that digital signatures will be used for commercial transactions across the net. This means that there is money involved, and with a tree of trust, the higher level trees are _worth_ bribing, forging, and perhaps killing for. Once a high level node is compromised, all lower nodes are worthless.

This is why we need a serious education effort for the "decision makers" in the government.

Pat

Pat Farrell, Grad Student, pfarrell@cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA
Public key available via finger
#include <standard.disclaimer>