"Trust" is thrown around in computer security and information
assurance circles all the time. Mostly, people use it to refer to a
vaguely beneficent moral quality. "This system has to have trust,"
I’ve heard in such conversations, or "We must trust this system."
There’s a famous definition of Infosec trust: you trust anything that
can hurt you. You trust it not to hurt you—because you can’t
prevent it from hurting you. Trustworthiness is a different matter
entirely, and I won’t talk about it today.
I’d like to see a shared definition of trust. Trust is a
relationship. It has three arguments: Alice trusts Bob for some
property. If you just say that Alice trusts Bob, you haven’t said
much. If you just say that Bob is trusted for some property, you
probably haven’t said anything. And if you just say that Bob is
trusted, you’ve said even less.
![[FSF Associate Member]](/users/bts/fsf-button-4448.png){kind=small}
Post a Comment