From owner-mcg-talk@localhost Fri May 16 17:21:58 1997
Return-Path: owner-mcg-talk@novaware.cps.softex.br
Received: (from majordom@localhost) by localhost (8.8.5/v3.2) id RAA05325 for mcg-talk-outgoing; Fri, 16 May 1997 17:21:58 -0300
Message-Id: <199705162021.RAA05325@localhost>
Date: Fri, 16 May 1997 17:25:51 -0300 (EST)
From: "111229"
To: mcg-talk@localhost
Subject: Checking validity
Sender: owner-mcg-talk@novaware.cps.softex.br
Status: RO
X-Status:

I've been looking through some more of the documents and think I understand better how a Meta-Certificate gets validated.

Dr Gerck's discussion of measuring validity draws upon gauge theory, which is another mathematical discipline, devoted to figuring out how to measure things. It's relatively easy to set up a gauge, which produces a single number that combines measurements. For example, I can construct a gauge that measures distance between two points using the standard distance formula we all learned in math. I can also make other gauges in a pretty arbitrary fashion that use other functions to produce a single value.

Apart from building a gauge, you also use it; after all, it's built for measuring things. Let me construct a gauge for measuring validity in a Meta-Certificate that is being used in a dial-in server:

  - If the certificate holds a PGP key, score 25 points for any signature on it that is in keyring K. (This means that K is a list of partially trusted introducers.)
  - If one of those signatures above was Mother Theresa's, score an additional 50 points.
  - If the certificate holds a letter from the Taliban, score 100 points.
  - If the dial-in used a callback, score 75 points.
  - If the dial-in supplied a caller-id number, multiply all points by 2.

Now let's look at this gauge. We're going to use a threshold value and consider the certificate valid if it scores above 80.

Note that four known PGP signatures get you in, even if you telnet in; similarly, Mother Theresa's signature plus one other will get you in. A letter from the Taliban always lets you in. If you dial in with caller id, a single known PGP signature will allow you in. If you use a dial-back, then Mother Theresa's signature alone, or any two other signatures, will let you in. If you use both caller id and a dialback, you don't need any other form of authentication.

We are assuming confidence in the phone system to enhance the confidence in other parts of this system. This is what Dr Gerck calls `borrowed trust'.

Gauges are valuable because they combine a variety of measurements into a single reading. You can build a variety of trust models into a Meta-Certificate by writing the appropriate gauge function.
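An added example, not part of the original post: the gauge described above written as a Python function, together with a search for the smallest evidence sets that score above the threshold. It assumes Mother Theresa's signature counts as one of the keyring K signatures and that the caller-id doubling is applied last, to the total; the names Evidence, gauge, weakenings and minimal_accepting are made up for this sketch.

```python
from dataclasses import dataclass, replace
from itertools import product

THRESHOLD = 80  # the post's rule: valid if the score is above 80

@dataclass(frozen=True)
class Evidence:
    other_sigs: int = 0            # signatures from keyring K, not counting hers
    mother_theresa: bool = False   # her signature is present (assumed to be in K)
    taliban_letter: bool = False
    callback: bool = False
    caller_id: bool = False

FLAGS = ("mother_theresa", "taliban_letter", "callback", "caller_id")

def gauge(e: Evidence) -> int:
    score = 25 * (e.other_sigs + e.mother_theresa)  # 25 per signature in K
    score += 50 * e.mother_theresa                  # bonus for her signature
    score += 100 * e.taliban_letter
    score += 75 * e.callback
    if e.caller_id:            # assumption: doubling is applied last, to the total
        score *= 2
    return score

def is_valid(e: Evidence) -> bool:
    return gauge(e) > THRESHOLD

def weakenings(e: Evidence):
    """Yield every evidence set obtained by removing exactly one item from e."""
    if e.other_sigs:
        yield replace(e, other_sigs=e.other_sigs - 1)
    for name in FLAGS:
        if getattr(e, name):
            yield replace(e, **{name: False})

def minimal_accepting(max_sigs: int = 4):
    """Evidence sets that validate but stop validating if any one item is removed."""
    found = []
    for sigs, *flags in product(range(max_sigs + 1), *[(False, True)] * len(FLAGS)):
        e = Evidence(sigs, *flags)
        if is_valid(e) and not any(is_valid(w) for w in weakenings(e)):
            found.append(e)
    return found

if __name__ == "__main__":
    for e in minimal_accepting():
        items = [f"{e.other_sigs} sig(s)"] * bool(e.other_sigs)
        items += [n for n in FLAGS if getattr(e, n)]
        print(f"{gauge(e):4d}  " + " + ".join(items))
```

Run as a script, it prints each minimal combination with its score.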