Amir Herzberg wrote:
Ed Gerck responded to me:
Can you trust what trustbar shows you?

This trust translates to:
-- Trusting the TrustBar code (which is open source so can be validated by tech-savvy users / sys-admin)
-- Trusting that this code was not modified (same as for any other aspect of your machine)
-- Trusting the CA - well, not exactly; TrustBar allows users to specify for each CA whether the user is willing to display logos/names from this CA automatically, or wants to be asked for each new site. Only if the user selects `display logo/name automatically`, then he really trusts the CA in this regard, and still the brand (logo) of the CA appears (for accountability). I'll admit, though, that currently VeriSign is `trusted` in this respect by default (of course user can change this easily).

In other words, if trustbar can be verified it can be trusted.

Redundancy is useful to qualify trust in information. Trusting the trustbar
code might be hard to qualify by itself (ie, source code verification) but
redundancy helps here [1]. Trust increases if the two channels trustbar and
browser CA status [2] agree with each other. Trustbar can become a trusted
verifier after positively checking with the browser CA status.

This would also help prevent one-sided attacks to trustbar, as one would need
to attack both trustbar and browser CA status,


Cheers, Ed Gerck

[1] This is also my solution to the famous trust paradox proposed by Ken
Thompson in his "Reflections of Trusting Trust". Trust is earned, not
given. To trust Ken's code, I would first ask two or more programmers (who
I choose) to code the same function and submit their codes to tests. If they
provide the same answers for a series of inputs, including random inputs,
I would have a qualification for trusting (or not) Ken's code. This works
even without source code. Trust is not in the thing, it's how the thing works.

[2] Mozilla already shows the signing CA name when the mouse is over the lock
symbol in SSL. This is more readily visible than clicking with the right-button
and reading the cert.
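
The procedure described in footnote [1], as an added example that is not part of the original message: a black-box candidate is compared against two independently written implementations on fixed and random inputs. The choice of Adler-32, the use of `zlib.adler32` as the stand-in for the unverified code, and the constructed faulty variant are assumptions made for illustration.

```python
import random
import zlib

MOD = 65521  # Adler-32 modulus (largest prime below 2**16)

def adler32_a(data: bytes) -> int:
    """Independent implementation A: byte by byte, reducing at every step."""
    a, b = 1, 0
    for byte in data:
        a = (a + byte) % MOD
        b = (b + a) % MOD
    return (b << 16) | a

def adler32_b(data: bytes) -> int:
    """Independent implementation B: closed-form sums, reduced once at the end."""
    n = len(data)
    a = 1 + sum(data)
    b = n + sum((n - i) * byte for i, byte in enumerate(data))
    return ((b % MOD) << 16) | (a % MOD)

def adler32_faulty(data: bytes) -> int:
    """Constructed faulty candidate: starts the low sum at 0 instead of 1."""
    a, b = 0, 0
    for byte in data:
        a = (a + byte) % MOD
        b = (b + a) % MOD
    return (b << 16) | a

def qualify(candidate, references, trials=500, seed=2005):
    """Return every tested input on which candidate and references disagree."""
    rng = random.Random(seed)  # seeded so a disagreement can be reproduced
    inputs = [b"", b"\x00", b"\xff" * 6000, b"Wikipedia"]  # fixed edge cases
    for _ in range(trials):  # random inputs of random length
        size = rng.randrange(0, 300)
        inputs.append(bytes(rng.randrange(256) for _ in range(size)))
    disagreements = []
    for data in inputs:
        answers = {candidate(data)} | {ref(data) for ref in references}
        if len(answers) != 1:  # any split among the channels counts
            disagreements.append(data)
    return disagreements

if __name__ == "__main__":
    refs = [adler32_a, adler32_b]
    print("zlib.adler32 disagreements:", len(qualify(zlib.adler32, refs)))
    print("faulty candidate disagreements:", len(qualify(adler32_faulty, refs)))
```

An empty result only says that the candidate agreed with the references on the inputs that were tried; the seed makes any reported disagreement reproducible.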

---------------------------------------------------------------------
The Cryptography Mailing List