Skip to main content
SpringerLink
Log in

Why isn't trust transitive?

  • Conference paper
  • First Online:
Security Protocols (Security Protocols 1996)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1189))

Included in the following conference series:

Abstract

One of the great strengths of public-key cryptography is its potential to allow the localization of trust. This potential is greatest when cryptography is present to guarantee data integrity rather than secrecy, and where there is no natural hierarchy of trust. Both these conditions are typically fulfilled in the commercial world, where CSCW requires sharing of data and resources across organizational boundaries. One property which trust is frequently assumed or “proved” to have is transitivity (if A trusts B and B trusts C then A trusts C) or some generalization of transitivity such as *-closure. We use the loose term unintensional transitivity of trust to refer to a situation where B can effectively put things into A's set of trust assumptions without A's explicit consent (or sometimes even awareness.) Any account of trust which allows such situations to arise clearly poses major obstacles to the effective confinement (localization) of trust. In this position paper, we argue against the need to accept unintensional transitivity of trust. We distinguish the notion of trust from a number of other (transitive) notions with which it is frequently confused, and argue that “proofs” of the unintensional transitivity of trust typically involve unpalatable logical assumptions as well as undesirable consequences.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Burrows, M., Abadi, M., Needham, R.M., 1990, A Logic of Authentication, ACM Transactions on Computer Systems 8(1) 18–36

    Article  Google Scholar 

  2. Cheswick, W.R., Bellovin, S.M., 1994, Firewalls and Internet Security: Repelling the Wily Hacker, Addison Wesley, 0-201-63357-4

    Google Scholar 

  3. Cresswell, M.J., 1973, Logics and Languages, Methuen, 0-416-76950-0

    Google Scholar 

  4. Gallin, D., 1975, Intensional and Higher-Order Modal Logic: with Applications to Montague Semantics, North Holland, 0-7204-0360-X

    Google Scholar 

  5. Gong, L., Needham, R., Yahalom, R., 1990, Reasoning about Belief in Cryptographic Protocols, IEEE Computer Society Symposium on Research in Security and Privacy 1990, 234–248

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Information Sciences, University of Hertfordshire, Hatfield

    Bruce Christianson

  2. Computer Laboratory, University of Cambridge, UK

    William S. Harbison

Authors
  1. Bruce Christianson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. William S. Harbison
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Mark Lomas

Rights and permissions

Reprints and permissions

Copyright information

© 1997 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Christianson, B., Harbison, W.S. (1997). Why isn't trust transitive?. In: Lomas, M. (eds) Security Protocols. Security Protocols 1996. Lecture Notes in Computer Science, vol 1189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-62494-5_16

Download citation

  • DOI: https://doi.org/10.1007/3-540-62494-5_16

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-62494-3

  • Online ISBN: 978-3-540-68047-5

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation