Suppose we would paraphrase Augustine of Hippo (Ts. 132) and would discuss: whether certificates are trustful because they certify, or certify because they are trustful. . Then, like him, we might give the doubtless reply that they certify because they are trustful. On one level this is a fairly straightforward _expression_ of the _object_ivist stance that trust is a quality of the certificate itself, as opposed to the subjectivist stance that trust is relative to the user (or, in other words, trust is in the eyes of the beholder ). However, the risk is borne by the user (ie, the verifier, the relying party) who is in the subjective stance, so we must reject here the notion that trust is somehow _embed_ded or infused in the certificate and accept that trust must be a concept relative to the user's point of view. Thus, for certificates, trust is relative to the user and certificates are trustful because they certify

The problem with a trusted authority is the following: They don't need the magical key to cause a lot of damage. They are able to make others believe, you would have signed a message or a message wouldn't be signed by you. They could also use their abilities to do man-in-the-middle attacks. This is unclear.  A trusted authority, at least within my limited scope, has been defined as a large organization (as opposed to an individual), or a provably secure software agent. So the man-in-the-middle attack is certainly possible, but a whole host of people have to be in on the scam. I suppose it would be possible to build man-in-the-middle capabilities right into a root CA, but the problem remains that if the system proves insecure (because it was designed to be) then the bank (or the government, the difference is semantic) loses the trust it relies on.  Being trustworthy is what allows a bank to function, so why would they risk their existence on the assets of a client?  I'm not saying it couldn't happen, but it's not as trivial a hack as it sounded to me from your post. -Jared

The problem with a trusted authority is the following: They don't need the magical key to cause a lot of damage. They are able to make others believe, you would have signed a message or a message wouldn't be signed by you. They could also use their abilities to do man-in-the-middle attacks. I didn't take the strong position of yours distrusting the people of all certification centres or similar institutions. Thus I made the weaker assumption that there are persons there whose integrity is beyond my doubts. But it appears that even then there is a problem that is barely solvable. What you said can, I agree, indeed very well happen. We all learn time and again from newspapers cases e.g. that a policeman was connected with criminals. There is, I think, one point that is worthy of notice. While the normal criminal undertakings usually leave physical traces that stand some chance of being later detected and proved, the criminal manipulations with the bits are probably very much harder to get discovered and confirmed. This situation is further to be look upon in the light of the fact that certain democratic governments disire (or are already performing) very strict control of (electronic as well as non-electronic) communications of their citizens and hence are likely to have the inclination to tolerate, as a matter of convenience or 'necessity', certain not-so-well behaviour of persons in the aforementioned institutions (the functioning and cooperation of which contributes in turn to the well-being of the governments concerned). M. K. Shen ______________________________________________________

The problem with a trusted authority is the following: They don't need the magical key to cause a lot of damage. They are able to make others believe, you would have signed a message or a message wouldn't be signed by you. They could also use their abilities to do man-in-the-middle attacks. This is unclear.  A trusted authority, at least within my limited scope, has been defined as a large organization (as opposed to an individual), or a provably secure software agent. So the man-in-the-middle attack is certainly possible, but a whole host of people have to be in on the scam. I don't think that this necessarily follows; simply because an organization *is* large means, by definition, that only a small fraction of its personnel/capabilities are required to perform any particular operation. I don't need to corrupt the entire bank in order to adjust your account balance, a single corrupt clerk (or perhaps branch manager) can do it. Of course, there's a good chance that eventually, come audit time, this will be caught