[197] in WWW Security List Archive
Re: what are realistic threats?
daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Fri Oct 7 14:12:03 1994
From: hallam@dxal18.cern.ch
To: Tim Berners-Lee <timbl@quag.lcs.mit.edu>
Cc: hallam@dxal18.cern.ch, www-security@ns1.rutgers.edu
In-Reply-To: Your message of "Thu, 06 Oct 94 17:46:35 -0400."
<9410062146.AA05527@quag.lcs.mit.edu>
Date: Fri, 07 Oct 94 12:33:24 +0100
Reply-To: hallam@dxal18.cern.ch
[Sorry about earlier blank posting, network prob.]
To summarise Tim's post:
* Each user chooses their own authentication hierarchy by compositing other
hierarchies.
Within this general idea I think we need to expand just a little :-
* For user, read party. Organisations may have their own corporate systems of
trust. If I sign a document to be paid for by CERN they will want their
system of trust to be applied.
* Trust is context dependent. I may trust Joe not to send me a duff RFC but
not trust him an inch with money.
* Trust is limited: I may trust Joe to $10 and AMEX to $1000.
But just to complicate matters:
* I almost certainly want to keep my personal system of trust private. I do
not want Joe to know that I don't trust him. We cannot arbitrate simply
by sending out our trust mapping to others.
Phill.