Professional Documents
Culture Documents
>
>Intuitively, I think one would consider statements of the form a) Alice
>trusts Bob" to be stronger than b) "Alice believes Bob is trustworthy" for I
>think a) is inherently 'active' and b) is inherently 'hypothetical', in
>Tony's sense. Thus in making trust statements, this subtle difference may
>affect Joe Public's level of confidence in Bob.
>
This conclusion further indicates the passive attitude taken when
"trustworthiness" is used as the NAS' report backbone, as if trust
could be passive and objective.
Regarding this attitude, and answering the openning question of this
message, it is interesting to go back in time some 400 years. The
citation is from Bertrand Russell's work, available in the Net at
http://csmaclab-www.uchicago.edu:80/philosophyProject/sellars/russell/rus2.html
and the comments within [] are mine. By using this example, I am
following what has been called the AM (Anthropomorhic Metaphor) case
in the mcg-talk list and which postulates that since software agents
should be at least as capable as "perfect clerk" human agents then it
is useful to consider human-like actions as models to be copied,
rather shamelessly (this is not new but follows the example of Turing
when devising the Turing-Machine model).
Descartes (1596-1650), the founder of modern philosophy, invented a
method which may still be used with profit -- the method of
systematic doubt [Security work can profit well from such method, as
we will see]. He determined that he would believe nothing which he
did not see quite clearly and distinctly to be true [What a nice
security maxim to be used in the Internet!]. Whatever he could bring
himself to doubt, he would doubt, until he saw reason for not
doubting it [ditto, maxim #2]. By applying this method he gradually
became convinced that the only existence of which he could be quite
certain was own [This means, that one can only be certain of one's
own server or client but anything else can be an illusion in
the Internet -- maxim #3]. He imagined a deceitful demon, who
presented unreal things to his senses in a perpetual phantasmagoria;
it might be very improbable that such a demon existed [this demon
exists! It is called today: hackers, virus, fraudsters, etc.], but
still it was possible, and therefore doubt concerning things
perceived by the senses [ie, by the software/hardware and by the
user] was possible.
But doubt concerning his own existence was not possible [your client
or server exists], for if he did not exist, no demon could deceive
him. If he doubted, he must exist; if he had any experiences
whatever, he must exist. Thus his own existence was an absolute
certainty to him [this means that trust MUST begin as self-trust]. 'I
think, therefore I am, ' he said (Cogito, ergo sum); and on the
basis of this certainty he set to work to build up again the world
of knowledge which his doubt had laid in ruins [ie, which the mere
existence of real-world hackers, viruses, fraudsters, etc are
conspiring to set in ruins]. By inventing the method of doubt, and
by showing that subjective things are the most certain, Descartes
performed a great service to philosophy [and to Internet security!],
and one which makes him still useful to all students of the subject