David Honig wrote:
> At 04:45 PM 8/30/00 -0700, Ed Gerck wrote:
> >about whether they work. So, understanding the mathematical
> >properties of trust (trust not as an emotion but as something
> >essentially communicable), how can trust can provide an answer
>
> Hmm, the flow of trust.
>
> There are no such things as holes, just missing electrons.
(note: holes have "mass" and it turns out to be negative, so that
it is not just a missing electron but it interacts with electrons and
other holes)
> I wonder if its not trust, but anti-trust ('secret' information) that flows.
> Each 'trusted' node must be a diode and you can ask what if it breaks
> down.
Anti-trust or the complement of trust exists as well -- it is when you knowingly
refuse to trust, when you distrust (I call it cotrust). This is distinct from lack of
trust (i.e., neutral trust, I call it atrust) when you don't know whether you could
trust or not. And there is also unknown trust (I call it ignorance), when you don't
know you should assign a trust decision and so you don't even choose one of the
former three possibilities (trust, cotrust or atrust) -- being totally blind as to even
the need to choose.
These four types of trust have mathematical counterparts in software and can be
likewise used to "tag" information with a "validity label", providing for a reliance
metric used in four-level logic calculations.
The degrees of trust can thus be expanded beyond the simple "trust or no trust"
dilemma, into a set of four trust values which can be shown to be ordered from a
least value (unknown trust) to a highest value (trust). This metric can be further
subdivided, producing 64 degrees of trust -- again, ordered from least value to
highest value. And, so on, to highest orders still. Thus, we can have quantitative
levels of trust -- they are not ordinal numbers, they are cardinal numbers.
Again, software is able to use these values in order to properly process information
according to a reliance metric, and avoiding the pitfalls of simpler systems that
just consider "trust" or "not trust" as the end-all be-all of trust decisions.
This approach thus provides for a series of nested approximations (as higher orders
of trust are introduced) that solves the problem of dealing with incomplete
information,
which solution can be optimized for accuracy, reliability and cost. Of course, we
cannot
have at the same time (in general) 100% accuracy, 100% reliability and zero cost -- but
the approach allows solution spaces to be found, some of which may have acceptable
values for accuracy, reliability and cost (and other estimators, such as delay time).
Note that, in general, information is always incomplete -- so, this approach is already
in use even though just intuitively. Information is incomplete either because we
simply
do not have it or because it was deleted/changed/inserted by a fraudster/bug and we do
not know it.
Dealing with incomplete information is therefore the real security issue here.
I note that findings similar to mine were made in the field of relational databases
some
20 years ago already, when a need was felt to deal with incomplete information. There,
the so-called "null-theory" model allows also four levels of reliance to be defined,
levels
which can be assigned to the four levels of trust I mention above.
Cheers,
Ed Gerck
