LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Terrific example

Terrific example

Posted Feb 19, 2010 7:54 UTC (Fri) by khim (subscriber, #9252)
In reply to: Good idea, but don't expect too much by iabervon
Parent article: Trust, but verify

When I contact my credit card company, I do so by calling the phone number printed on my credit card.

Yup. And by doing this you blindly trust your telecom provider, your phone manufacturer, producer of the CPU for you phone, producer of the OS for you phone and so on.

When I mail them a check, it goes to an address that I am familiar with from when I opened the account.

But you use another organization certified by trusted authority - be it USPS or DHL. Heck, when you visit USPS or DHL office you trust the sign on doors - and integrity of this sign is guaranteed by central authority (called government)!

In none of these cases do the parties use an arbitrary trusted authority.

Sure they do. More often then not there are a lot of parties involved which are used because they are certified by central authority (they have a license from government or they are certified by some agency licensed by government, etc).

It's good idea to use web-of-trust-like models to get a second opinion (today's browser implement it via different services designed to prevent scams), but to try to replace usual chain of certificates with web-of-trust model... that's just crazy.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds