| Subject: | Re: [Full-disclosure] Security as an Enabler - Virtual Trust: AnOpen Challenge to All InfoSec Professionals |
|---|---|
| Date: | Thu, 28 Sep 2006 10:42:42 -0400 |
I see no value in suddenly starting to use a term "virtual trust" for trust given due to evidence produced over wires as opposed to trust given due to evidence produced by other means. Trust and the validity of evidence to justify it are meaningful. A new candidate buzzword for a concept that has been around for a long time does not.

Many of us have argued for at least decades now that more trustworthy systems and more trustworthy evidence for the parties to a transaction not being fooled about the identity of their correspondents enables more kinds of business. However I see nothing virtual about the trust that is needed. Seems to me it must be real trust, ultimately validated by real evidence or statistics showing it is properly granted, whether granted by a person or an automaton. Whether a human or an automaton evaluates evidence for identity, either must use similar statistics to validate their choices and either will probably perform better given more and more varied evidence.

If you build your authentication systems so that available evidence is excluded, shame on you. But this observation was published at least 14 years back, probably further, and depends on there being real trust, real evidence, and real ways to tell (at least statistically) whether it is being conferred justly. I suspect efforts to separate them obscure rather than elucidate.

Glenn Everhart

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk]On Behalf Of Dave "No, not that one" Korn
Sent: Thursday, September 28, 2006 9:43 AM
To: full-disclosure@lists.grok.org.uk
Cc: bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] Security as an Enabler - Virtual Trust: AnOpen Challenge to All InfoSec Professionals

Kenneth F. Belva wrote:
> I've been defending Virtual Trust as an enabler for the past three days on the full-disclosure list. So far, fairly successfully.

An enabler *of* anything in particular? Or just some kind of magic enabling pixie dust, good for all purposes?

> Here's the challenge: How creative are you *for* VT, *against* VT and determining the *impact* of VT?

What does "being creative *for*" something even mean?

cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/