I don't see the problem with defining the term 'trustworthy'

Risk = Cost imposed by likelihood of probable loss.
Trust = Confidence with which risk is assessed.
Trusted = An entity that is relied on to mitigate risk (whether
trustworthy or not).
Trustworthy = An entity that meets rational criteria for risk mitigation.

We could wordsmith the definitions, but I think we can probably agree
on the general principles.

The problems stem from the fact that risk is a very complex function.
It is not merely probability * probable loss, since in a real-world
situation both are continuous functions: I might suffer a $100 loss
with probability X, and a $1000 loss with probability Y, and so on.

And it is not just the expected loss that is the issue but the cost
that expected loss would impose on my business. My probability of a $1
million loss might be 0.1% but the cost that potential imposes on my
business might be much higher than $1000.

I think we should also be able to come to agreement that even though
we can define the terms, we can't expect to come to precise
measurements, or even particularly satisfactory measurements. If we
could do that we would be in the regular business of insurance.

In particular, insurance companies have always avoided writing
policies on acts of war. The reason being that the probable losses
simply do not follow a predictable pattern. Losses due to theft and
even natural causes follow reasonably predictable patterns.

We are now dealing with politically motivated attacks and so we end up
with probabilities that don't fit a mathematical model and losses that
don't have a monetary value.

On Tue, Jan 31, 2012 at 7:29 PM, Jon Callas <j...@callas.org> wrote:
>
> On Jan 26, 2012, at 2:55 PM, Richard L. Barnes wrote:
>
>>>>> As security engineers, our role is to (a) reduce the number of
>>>>> entities we trust; (b) reduce the extent to which we trust the
>>>>> remaining trusted entities; and (c) determine the trustworthiness of
>>>>> trusted entities.
>>>>
>>>> Really?
>>>
>>> Yep.
>>
>> +1
>>
>> One of the better definitions I've heard.  I would question whether (c) is 
>> even in scope; seems like a relying party function.
>
> We should run screaming from (c). Not only do there be dragons there, but 
> there be dragons even in saying what "trustworthiness" means. Surely this is 
> not a real-world reputation system.
>
>        Jon
>
>
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey

-- 
Website: http://hallambaker.com/
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
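The two points in the message above, that risk is a sum over a whole loss distribution rather than a single probability times a single loss, and that the cost a loss imposes on the business is not the same as the expected loss, can be made concrete with a small calculation. The following is an added example and not part of the message or of any list participant's material; the loss distribution, the working-capital and firm-value figures, and the "ruin" impact function are all constructed assumptions chosen so that the $1 million loss at 0.1% from the message appears as one term.

```python
from typing import Callable, Dict

# Constructed one-year loss distribution: loss amount in USD -> probability.
# The probabilities are illustrative assumptions; the 0.1% chance of a
# $1 million loss is the figure used in the message.
LOSS_DISTRIBUTION: Dict[int, float] = {
    0: 0.929,          # nothing bad happens
    100: 0.05,         # small loss, the "probability X" case
    1_000: 0.02,       # medium loss, the "probability Y" case
    1_000_000: 0.001,  # the $1 million loss at 0.1%
}

# Assumed balance-sheet figures for the business, not from the message.
WORKING_CAPITAL = 200_000   # largest loss the business can absorb and survive
FIRM_VALUE = 5_000_000      # what is lost if the business fails


def face_value(loss: float) -> float:
    """Impact function that treats every loss as costing exactly its amount."""
    return loss


def ruin_aware_cost(loss: float,
                    working_capital: float = WORKING_CAPITAL,
                    firm_value: float = FIRM_VALUE) -> float:
    """Assumed impact function: a loss the business can absorb costs its face
    value; a loss larger than working capital sinks the business, so the cost
    imposed is the whole firm value, not the loss amount."""
    if loss <= working_capital:
        return loss
    return firm_value


def per_loss_contributions(dist: Dict[int, float],
                           impact: Callable[[float], float]) -> Dict[int, float]:
    """Contribution of each loss level to the expected cost: impact(loss) * P(loss)."""
    return {loss: impact(loss) * p for loss, p in dist.items()}


def expected_cost(dist: Dict[int, float],
                  impact: Callable[[float], float]) -> float:
    """Sum over the whole distribution, so every loss level counts, not just one."""
    return sum(per_loss_contributions(dist, impact).values())


def expected_loss(dist: Dict[int, float]) -> float:
    """Plain expected loss, i.e. expected_cost with the face-value impact."""
    return expected_cost(dist, face_value)


if __name__ == "__main__":
    el = expected_loss(LOSS_DISTRIBUTION)
    ec = expected_cost(LOSS_DISTRIBUTION, ruin_aware_cost)
    print(f"expected loss (face value): ${el:,.2f}")
    print(f"expected cost imposed (ruin-aware): ${ec:,.2f}")
    for loss, c in per_loss_contributions(LOSS_DISTRIBUTION, ruin_aware_cost).items():
        print(f"  loss ${loss:>9,}: contributes ${c:,.2f} to expected cost")
```

With these assumptions the $1 million term contributes exactly $1000 to the expected loss, as the message says, but $5000 to the expected cost once the impact function accounts for the business not surviving that loss; swapping in a different impact function changes the ranking of which loss levels matter without touching the probabilities.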
