Subject: Policy-Discussion
- From: Ian G <iang AT cacert.org>
- To: cacert-policy AT lists.cacert.org
- Subject: TTP and the word that we don't use in polite conversation ("trust")
- Date: Mon, 25 Oct 2010 21:42:18 +1100
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
Responding to two at once, trust me :) warning warning, long rant ahead!
On 25/10/10 9:02 AM, Bernd Jantzen wrote:
> > When the TTP is officially saved, done and voted, then we do use the
> > term TRUST, and we can no more ignore the term.
>
> In "TTP" ("Trusted Third Parties") the word "trust" is not applied to putting
> trust in a CAcert Member or Assurer or in certificates issued by CAcert. The
> trusted third parties are outside of CAcert, they are people (like notaries,
> lawyers, etc.) whom the society trusts (to a certain degree) in making correct
> statements. This trust is quite vague and not further defined, and it is not
> directly related to something falling under CAcert Arbitration. In fact, at
> first hand (and this is the key point in the renewed TTP policy), it is the
> CAcert Assurer accepting a certain TTP who has to answer to Arbitration in
> case of problems. The TTP itself might have to respond in court for making
> false statements. But the Assurer has to defend his decision of accepting the
> TTP in Arbitration. Apart from this point, the name "TTP" is quite old -
> probably older than CAcert? - and has been used not only by CAcert but also
> e.g. by Thawte's former "web of trust". So "TTP" is a sort of "known
> expression" - and that is probably why it has survived in the new version of
> the corresponding policy.
Yes, well said.
TTP is a term of art in the PKI or cryptographic community.
From a tech pov, it can be seen as a sort of fudge factor or hack in a difficult communications protocol, whereby we organise everything we can with tech, and the missing bits we clean up by passing to a person called a Trusted Third Party. So in a practical everyday computing sense, it is the person who cleans up the mess left by an incomplete protocol.
The use of the term "trust" in TTP is part circular, part marketing.
The circular sense is that the person is trusted to the extent required for the protocol. That's it. That's what it means; all that is required. So obviously this becomes a little bit confusing ... and sometimes rebounds on us, as people take the common meaning of "trust" and assume that is what these people are. This mismatch leads to a slow migration of security systems from finely balanced to systemically flawed.
An example of this is indeed PKI itself. The CA *is the canonical TTP* in crypto-security work. The Certification Authority (that's us, CAcert) is the person who is trusted to make the protocol complete. However, we now see, as a matter of historical fact, that when the protocol got challenged (insert here lots of arguments about where/when/whether/blame) the TTP turned out to not be trustworthy to make the protocol really, fully, 100% complete, only trustworthy for something they said they'd do. Which turned out to be not quite enough and/or not entirely relevant to the original requirement. (Insert very long argument, allocate the blame, run like hell, get nowhere fast...)
(I'm waving my hands like windmills here, but if I just slow down slightly you'll see: user sees cert; knows that this means is talking to site, because the TTP signed off on the owner of that site. But wait! The cert was invisible/expired/stolen/forgotten/fraudulent/invented/self-signed/the wrong colour/wrong size/wrong race ... and now we find that the TTP wasn't trusted for that. In fact, the TTP is trusted for very little, so little that you're not going to ever find it. Who's to blame? You are, for trusting! QED.)
Which has led some to joke that the TTP is really the CVP or the Centralised Vulnerability Partner.
So what's in this word trust? How are we to understand the word as is found in the above term TTP? Unfortunately very little of it from common meaning is found. Which leads to the sense of marketing, which to distinguish, I'll write in CAPS, TRUST.
TRUST is a marketing term. The "TRUST Business" is a term frequently seen. It is used in the sense of "you will trust this person." It is written in the sense of "you do trust this business." Or, in our case, "you trust CAcert."
But this has several problems. Firstly, to do what? Well, as we know here in policy group, we can actually answer that by reference to the policies. But, when we add the WHAT to the end of the "you will trust" we have a further problem; which is, is that what we wanted? And if not, why did we call it trust? How can I call it trust if I didn't want it?
Which leads us to the next issue.
Trust is from the trust holder to the trustworthy person. It's not the other way around. The trustworthy person in normal society does not say "you trust me." That's an order, an instruction, or a fraud, like the old joke "trust me, I'm a doctor." Because of the very nature of trust, it can only exist when I as an individual have of my own free will and due diligence decided that I trust you (insert some shortcuts here like childbirth).
I trust you
means
I have decided to trust you!
Except in PKI. Here, "I trust you" means "You the TTP have instructed me to accept your statements without reservation." That latter is not trust; it's something else (pick your favourite term).
This is done by means of franchise; the root list holders do a deal with the TTPs (CAs) to have them added to the lists. So in this sense, today, Mozilla tells you that you don't trust CAcert. And will do until some auditor bloke fixes that, by saying to you, "trust me, I'm an auditor." And, that is literally what the browser tells you, that you do not TRUST the CA.
Which ain't trust as people know it, it's TRUST as the TRUST business sells it. Different thing.
Why all this crapola? Simple marketing. People believed the word so much, or wanted to believe it, the industry took the word and flipped its causality. Plain and simple. And few people noticed, maybe because the marketing was intense, maybe because so much money was involved, and maybe because a lot of scientific gurus got involved and said TRUST was good for you.
For these reasons we don't use the word in CAcert.
Or more pragmatically, because we can't define the word adequately to encompass both PKI's usage of the word *and* the general society, everyday, family meaning of the word, and suit everyone's desires for straight-forward and principled meanings in CAcert, we do not use it in our Community.
But we are stuck with it in two terms of art, the TTP and the WoT.
> Note that - in all CAcert Policies I have quickly scanned through - the word
> "trust" only appears - very rarely - in two contexts:
> * as "TTPs" in the new "TTP-Assisted Assurance Policy",
Right. As explained, TTP is a term of art from the PKI / cryptographic industry. It has a long heritage, a fairly good understanding. It has a few flaws:
* the word TRUST within is subject to issues,
* the word Party might be unwarranted, and
* nobody outside the field understands what the term means.
We could find a replacement. That would be nice. As we have a real good document -- policy -- at hand, we have our stated meanings and our processes, then slotting in a new word is easy enough. For us.
And, also, everyone who "is a TTP" according to our list will likely not understand the existing term at all, so they won't care what we call them. Try TTP on your bank manager or Notaire :)
(It's only the Auditor who might wonder, and he will not be fussed about meanings when there is a good stated definition. A.k.a. clear policy.)
So if we can find a good term for our chosen acceptable/reasonable/reliable examiner of documentary evidence of people's names, dob, etc, as per our needs in AP1.1 and XXX-Assisted Assurance Policy ... let's do that.
One suggestion: drop the word Party and use Partner instead.
(OTOH, we do have other things to do which are arguably more useful :)
> * as "Web of Trust" in the "Assurance Policy" (but see section 4.3 there:
> "Assurance Points" are the well-defined term, not "trust points").
> Probably it would be a good idea to find a replacement for "Web of Trust"
> within CAcert (although this term is well established already): "Web of
> Assurers", "Web of Assurances", ...?
Possibly, WoT too. Or is that WoT2 ;)
I'm not so sure about that one, because it is somewhat softer in all respects than TTP, and isn't subject to the same contradictions. But worth talking about!
iang