Posted Feb 19, 2010 7:54 UTC (Fri) by khim
In reply to: Good idea, but don't expect too much
Parent article: Trust, but verify
When I contact my credit card company, I do so by calling the
phone number printed on my credit card.
Yup. And by doing this you blindly trust your telecom provider, your
phone manufacturer, producer of the CPU for you phone, producer of the OS
for you phone and so on.
When I mail them a check, it goes to an address that I am
familiar with from when I opened the account.
But you use another organization certified by trusted authority - be it
USPS or DHL. Heck, when you visit USPS or DHL office you trust the sign on
doors - and integrity of this sign is guaranteed by central authority
In none of these cases do the parties use an arbitrary trusted
Sure they do. More often then not there are a lot of parties
involved which are used because they are certified by central authority
(they have a license from government or they are certified by some agency
licensed by government, etc).
It's good idea to use web-of-trust-like models to get a second opinion
(today's browser implement it via different services designed to prevent
scams), but to try to replace usual chain of certificates with web-of-trust
model... that's just crazy.
to post comments)