[[license text="""
Copyright © 2007 Free Software Foundation, Inc.

Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU Free Documentation License, Version 1.2 or any later version
published by the Free Software Foundation; with no Invariant Sections, no
Front-Cover Texts, and no Back-Cover Texts.  A copy of the license is included
in the section entitled [[GNU_Free_Documentation_License|/fdl.txt]].
"""]]

The word trust is used in a number of contexts with different technical meanings.
Sometimes it is used to confuse: for instance, trusted computing is rarely about
giving users reason to trust that the software they are running does not violate
their intent, but about providing a mechanism for a third party to verify
that software running on a remote computer obeys that third party rather than the
user.

When we say that a program trusts another, we mean that the [[correctness]] of the
former depends on the cooperation of the latter.  For instance, when a user runs
ssh, the user's intention is that all communication is encrypted.  In this case,
the user trusts that the ssh binary respects this intent.  In Unix, a program's
[[tcb]] consists not only of the kernel (and all the drivers,
file systems and protocol stacks that it contains) but also of every program running
under the same UID; it is impossible to protect against
[[DestructiveInterference]] from programs running under the same UID.
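
The same-UID part of a TCB can be made concrete. The following is an added example, not part of the original page: it assumes a Linux-style `/proc`, and the function names `same_uid_peers` and `stop_own_child` are hypothetical. It lists the processes that share a UID and shows that one of them can be frozen by a peer with no special privilege.

```python
import os
import signal
import subprocess
import sys


def same_uid_peers(uid, proc_root="/proc"):
    """Return {pid: name} for every process whose effective UID is `uid`.

    By the definition above, each of these is in the TCB of every other.
    """
    peers = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                fields = dict(line.rstrip("\n").split(":\t", 1)
                              for line in fh if ":\t" in line)
        except OSError:  # the process exited while we were scanning
            continue
        # "Uid:" holds the real, effective, saved and filesystem UIDs.
        if "Uid" in fields and int(fields["Uid"].split()[1]) == uid:
            peers[int(entry)] = fields.get("Name", "?")
    return peers


def stop_own_child():
    """Freeze a child running under our UID and report whether it stopped.

    kill(2) is authorised by comparing UIDs, and SIGSTOP cannot be caught,
    so the target has no say. The target is our own child only so that the
    demonstration touches nothing else.
    """
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])
    try:
        os.kill(child.pid, signal.SIGSTOP)
        _, status = os.waitpid(child.pid, os.WUNTRACED)
        return os.WIFSTOPPED(status)
    finally:
        child.kill()   # SIGKILL is delivered even to a stopped process
        child.wait()


if __name__ == "__main__":
    for pid, name in sorted(same_uid_peers(os.geteuid()).items()):
        print(pid, name)
    print("child stopped by same-UID signal:", stop_own_child())
```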