Jim Choate wrote:
you will have to trust something. then you use that something to verify something else, that is what:
No, I don't have to trust at all. I should have a protocol that I can PROVE (which is distinct from trust). I trust the proof.
I love it when you conflict with yourself. :) so you trust the proof. great. if you trust the proof, and the protocol has just been proven, then your trust extends to the protocol. and so on. web-of-trust. please don't say you don't. because if a protocol that was just proven by a prove you trust has not earned your trust by that procedure, then obviously you lied when you said you'd trust the prove.
means.
Which means you feel comfortable enough with people you know to give them your key. That doesn't mean that because I know you and trust you that I should trust them. An enemy of my enemy is NOT my friend. And a friend of a friend is not my friend.
the PGP web-of-trust is a specialized version of the above. if you trust me, and I say that key X really belongs to person Y, then your trust extends to the validity of the key. not further, it doesn't mean you trust person Y, it just means that because you trust me you decide to believe that the key really belongs to that person, because I say so.
But then again, sharing a key with somebody you wouldn't trust with your wallet is probably more than a tad problematic.
we're talking PUBLIC keys here. my public key is available to anyone who knows what "finger" means.
see above. or check what web-of-trust means. for for this problem, we have the following steps (in no specific order):
See what above? Your making statements and then self-referencing them as 'proof'. Not acceptable. Make an assertion and demonstrate the flow of dependence. Saying it over and over doesn't make it any more acceptable than the first time. And it's harder to tune out, familiarity breeds contempt.
still didn't get it? ok, so here's the same in math form: if A==B and B==C then A==C if replace == with "trust". if A trusts B and B trusts C then A can trust C. that's a gross oversimplification, so please don't start any nitpicking. I said a couple of words about trust not being binary in the last mail. in essence, the == should read "total, complete, absolute trust in everything", something that I doubt you'd see anywhere in real life. the more precise formula would be: A trusts B (minus margin of mistrust) and B trusts C (minus margin of mistrust) therefore A trusts C (minus (margin of mistrust AB * margin of mistrust BC) )
Bottem line, if Bob trusts you, and you trust me, is no reason for Bob to trust me (or me to trust Bob). Trust/Reputation is NOT transitive (that's actually why it's worthless).
why not? please tell.
I've known this person for over 10 years. I'm pretty confident that any attempts to replace him with someone else in such a way as to fool me would be several orders of magnitude more expensive than the gain is worth.
How do you know that he hasn't been undercover for 10 years? There are cases of undercover cops being submerged for years, spies for much longer. How would you KNOW. Maybe he's been making 1am burst transmissions to the 'enemy' for this entire time. Maybe his 'wife' or 'SO' is his contact point. How well do you know THEM? How well do you know his other friends? Would you trust them with your key? Does he trust them with access to the key? If so, even if you don't trust them, they've got it.
again, you're applying the wrong threat model. if this were about whether or not I should tell him about the new superweapon that I've been developing in my function as a super-secret scientist, your threat model might apply. since we're talking about a simple question about ammunition here, your threat model is way off. in german, we say "mit kanonen auf spatzen schiessen" - roughly translated as "firing cannons on sparrows".
how you do this depends mostly on your threat-model. for this example, the threat is small - it's not like any TLA would throw a couple million dollars at this in order to fool you, right? ergo I can assume that a replacement by someone who can fool me for several hours is extremely unlikely.
How do yo know that THIS is their target? How do you know that you haven't just stumbled into it? How do you know they aren't using YOU for cover? How do you know that using you will not further the gain?
I don't. since I'm not omniscient, I can live with that fact. we're all living our lifes on assumptions, or we'd be insane. maybe you should get in touch with reality every once in a while?
Which means nothing, your PGP key is no more trustworthy than your words.
dumb jim. :) it's not meant to be any more trustworthy than my words. in fact, it's sole purpose (in this case) is to ensure that my words are really my words. it's part of step 3 above.
If the key itself can't be trusted then I can't trust it to authenticate your words. If I can't trust your key any better than your words then why am I asking you to sign it? It clearly doesn't add security at any level.
excuse me? all the signature says is "these words were really written by Tom". in short: it's "trust" is on a completely different level than those of my words. I can sign a fictional story. you wouldn't trust my words, but you could trust that they are, indeed, *my* words.
if they are stamped with an official seal (which in the case of the military I'm quite sure they are) then you can be sure that any of 3 cases is true:
History is full of 'official seals' not being so official.
that would be case b) or c), depending on who's responsible.
a) they are valid b) the government (or other place of origin of the seals) is in on the conspiracy c) a forger with more skill than your forgery-detection method is in on the conspiracy
Or somebody stole it, or there is an accomplice with access to a legitimate seal to use for illegitimate uses.
subcase of c).
Or somebody has transient access to one without official access. And that ain't all the ways one could gain access to an 'official' seal besides the three you listed.
you're missing the point. this is not about a complete list of all possible ways to get an official seal on some document.
wrong. we can solve your problem IF you present us with a list of those things that you DO trust.
Who says trust has to be about 'things'?
"things" in the broadest possible sense of "pretty much anything".
I trust those things which can be independently verified by an arbitrary 3rd party or a process which I can impliment myself.
In short, things that can 'prove' other things must be at least isotropic and homogenious.
I trust the sun will rise, I trust that we'll all die. I trust that politicians are inherently crooked. I trust that what happend yesterday will not be exactly the same as today. I trust that people are both good and bad, as a result the most good person can in the right circumstances do the most heinous act (which on another line is ultimately the reason that the way we treat our prisoners is a moral and ethical failure of the 1st magnitude).
lots of that is not trust, but believe, but let's ignore that. :)
Demonstrate how you authenticate your friend, his material, the channel he gave it to you with, that I should trust you, and the channel you provide it to me with. What sorts of things do YOU need to succesfully authenticate anything?
ok, let's focus: the question was: what kind of ammunition does the G3 use? the proposed solution was: I know someone who should know, I can ask him and relay the answer. your problem is: you trust neither me nor - should he even exist - the one I proposed to ask. solution to your problem: we need a protocol that you can verify ("prove") that will in return prove that the someone exists and does know what he's supposed to know and that he is speaking the truth. I at this stage ignore the "official document" crap and every other actual means of verification, since you wouldn't trust them anyhow. as a matter of fact, I think it would be much more simpler if you'd just buy a G3 and check for yourself.
from there on, trust can be extended. e.g. if
Demonstrate trust is transitive. That if I trust Bill and you trust me, then you should trust Bill.
correct if trust is binary. since it's not, the trust I have in you would have to include a "grant option", i.e. if I trust you to have friends that are trustworthy, then yes I would trust bill.
I use PGP as a one-shot transaction security generator. I give you a key you're the only one who got it (unless you give/lose it to somebody) and I don't share keys and they retire in the short term (usually after the one shot use). I never send keys over the network.
secret keys - of course not, that's why they're called "secret". you've never sent a public key over the network?
On Tue, 16 Jan 2001, Tom wrote:
I love it when you conflict with yourself. :)
Then in general you must hate me...
so you trust the proof. great. if you trust the proof, and the protocol has just been proven, then your trust extends to the protocol. and so on. web-of-trust.
please don't say you don't. because if a protocol that was just proven by a prove you trust has not earned your trust by that procedure, then obviously you lied when you said you'd trust the prove.
The 'proof' IS the 'protocol'. You act as if 'proof' and 'trust' are equivalent. They're not. I 'trust' because I know the protocol won't 'lie'. That is the 'trust' and the heart of the 'proof'. This of course, speaking of Real World (TM), raises the question of if a protocol even exists. In most cases it doesn't. And in many cases even if it did only Bill G. could afford it. Here is the heart of commercial authentication services. Raise the cost of tampering with the system while at the same time not raising the cost of actually doing the system. Otherwise the customers can't afford it. It's a horse race. And it will be until every iota of information is free (fat chance). For your assertion to be so you still need to prove: A trust B, B trusts C, therefore A trusts C. After all, simply because you and I trust the protocol still doesn't mean I trust you. It only means I believe you haven't lied in this particular case. Another aspect is that the 'authentication' is good only for now. The fact that we require the protocol to be repeated each time is a priori admission of our trust. I mean if we've authenticated them once it should be ok for now on if we 'trust' them. You can't because it doesn't. This proof is central to your assertion. It's fundamentally central of 'web-of-trust'. It's why this particular web doesn't scale well. I trust the protocol to fail if it is tampered with because of universal access to its base components (ie isotropic and homogenious). Something that no amount of money, time, or political influence can change. I use the protocol not to decide my trust but to give me a reason to opt out of the process. Fundamentally if you have to apply any of these sorts of protocols to an exchange a reasonable person won't want to be involved in the first place. There is a fundamental lack of trust already extant. The key point however is to recognize the true function of any authentication protocol, to stop now - to drop out. Speaking of examples of trust, In the made-for-tv SG-1 pilot movie they must identify if the stargate is a trap. They do this with a simple empty cleanex box. This is a great example of 'trust' and 'authentication'. ____________________________________________________________________ Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
Jim Choate wrote:
so you trust the proof. great. if you trust the proof, and the protocol has just been proven, then your trust extends to the protocol. and so on. web-of-trust.
please don't say you don't. because if a protocol that was just proven by a prove you trust has not earned your trust by that procedure, then obviously you lied when you said you'd trust the prove.
The 'proof' IS the 'protocol'. You act as if 'proof' and 'trust' are equivalent. They're not. I 'trust' because I know the protocol won't 'lie'. That is the 'trust' and the heart of the 'proof'.
I don't say trust and proof are identical. what I do say is that proof extends trust. if you trust the proof, then you can trust whatever it proves. i.e. if you trust that you do have some method to determine the truth value of anything I say, then that means if your method says "he says the truth" you can trust in what I have said. not because I said it or because you trust me, but because you trust the method which says I'm saying the truth. on a crypto level: if you have a protocol that can verify whether or not, say, a given coin of a given cyber-money is "ok" (not already spent, of the value it claims to be, etc.) then you can accept said coin from me. even if you do not trust me in any other thing, you just created a trust in that single coin. your trust in the protocol just extended to a trust in the coin, by application of the protocol. you didn't trust the coin before, you trust it afterwards. proof was just the method. there's a lot of trust that exists without proof (some of which you mentioned in your last mail).
For your assertion to be so you still need to prove:
A trust B, B trusts C, therefore A trusts C.
while I did say that, I also wrote a lengthy clarification about it. please refer to the full claim, not a single, selective quote which has a significantly different meaning. the full claim was: ===quote start=== if A==B and B==C then A==C if replace == with "trust". if A trusts B and B trusts C then A can trust C. that's a gross oversimplification, so please don't start any nitpicking. I said a couple of words about trust not being binary in the last mail. in essence, the == should read "total, complete, absolute trust in everything", something that I doubt you'd see anywhere in real life. the more precise formula would be: A trusts B (minus margin of mistrust) and B trusts C (minus margin of mistrust) therefore A trusts C (minus (margin of mistrust AB * margin of mistrust BC) ) ===quote end=== now that's a slightly different thing, don't you think? the mistrust in the AC case can be quite large, not zero as your selective quote makes believe.
After all, simply because you and I trust the protocol still doesn't mean I trust you. It only means I believe you haven't lied in this particular case.
that is exactly what I mean by "margin of mistrust" above. you may trust me with taking care of your dog for a week while you don't trust me taking care of your wife for an afternoon - that is EXACTLY what I mean when I say that "trust in real life is not binary".
I use the protocol not to decide my trust but to give me a reason to opt out of the process. Fundamentally if you have to apply any of these sorts of protocols to an exchange a reasonable person won't want to be involved in the first place. There is a fundamental lack of trust already extant.
bullshit. the protocol just needs to be simple enough. returning to my cyber-money example above, we DO have a protocol of verification of physical money in real life. it's not perfect, but it works reasonably well. it works by having specific coins or bills for money so that by visual identification and verification you can accept money from a total stranger in good faith. yes, forgery does exist. as I've said a couple dozen times so far: there are no perfect protocols and no absolute trust in real life. but guess what, civilization works more or less ok without, unless you are jim and apply the maximum threat model to every step of your life.
participants (2)
-
Jim Choate
-
Tom