Re: Global PKI on DNS?

[Einar Stefferud <stef at nma.com>]

Thank You Steve for clarifying your simple little error and 
correcting the record on what I did or did not say.  I admit that the 
error was small in commission but you must admit that it was huge in 
affect, so it is good for you to corrected the record.

I will assume that it was not intentional.

Now, all I did was ask you to offer proof that trust is ever 
transitive, as a separate sub-question of the general debate, because 
in my view, this question is central to the reasons for bothering to 
discuss the rest of this thread.

In short, if trust cannot be proved to be transitive, like DNS zone 
control delegation is transitive, then there is no reason to continue 
with PKI designs that ASSUME TRUST IS TRANSITIVE.

So, this (Trust Transitivity possibility or impossibility) is:

1. not an unreasonable question; and

2. not yet answered; and

3. still the same central question that it always was and is; and

4. still critical to the entire outcome of this whole discussion thread.

In other words, it is the critical meta question that needs to be 
answered by someone who can offer proof of their conclusion.

So, I take your refusal to consider that it is an important question 
to mean that you do not care if it is a central question, and that 
you do not have an answer of any kind, including the possibility that 
the answer is that "Trust is never transitive".

This completely sums up my issue of trust transitivity, and with this 
observation, I have completed my participation in this aspect of this 
discussion thread.

As long as you (or someone else) cannot or will not answer this trust 
transitivity question, as simply stated as it is, I have nothing more 
to add.

So, now, the podium is yours to do with as you wish.

My conclusion is that you cannot and will not prove that trust is transitive.

I doubt that anyone can because I believe it to already be proven that

				"TRUST IS NOT TRANSITIVE",

So further argument on this point only has to do with your position 
of not wanting to, or your being unable to ---	ANSWER THE QUESTION.

Over and Out;-)...\Stef





> At 2:54 PM -0700 6/13/02, Einar Stefferud wrote:
> > At 2:15 PM -0400 6/13/02, Stephen Kent wrote:
> >
> > [snip]... [snip]... [snip]... [snip]... [snip]... [snip]... 
> > [snip]... [snip]...
> > > You are the one who keeps saying that trust is transitive. I'm the 
> > > one saying that it's not, and that a DNS-based PKI does not imply 
> > > transitive trust.
> > >
> > > <rest of message deleted, since it didn't say anything new, 
> > > constructive, or generally relevant to the topic ...
> > >
> > > Steve
> >
> > I am simply astounded.  Where in my texts have I said that trust is 
> > ever transitive.
> >
> > I asked on for an explanation of why some in this list think trust 
> > is transitive.
> > And I cited the only instance I can think of where it might be 
> > transitive by mutual agreement between a SPY and her handler!  But 
> > this is not to be construed as my "saying that trust is transitive."
> >
> > If you can find he message and the text where I state that trust is 
> > transitive. please return the message to me so I can compare it 
> > with the copy of it that I kept in my outgoing mail folder.
> >
> > For clarity, I will now more simply restate my QUESTION:
> >
> > Explain for me (and others here) how trust is ever transitive!
> >
> > That is what I am really driving at.  I don't think you can prove it.
>
> Stef,
>
> I should have said that you are the one who keeps focusing on the 
> question of whether trust is transitive, not that you said it was 
> transitive.
>
> You keep trying to cast this as a debate about the transitivity of 
> trust, and I keep saying that it is not.
>
> I made a slight type in my message, as you cited above.
>
> You keep ignoring what I have said about the irrelevance of trust in 
> a PKI where CAs are authoritative for the data they bind into certs.
>
> As Tina Turner would have said, "What's trust got to do with it?"
>
> Steve