summaryrefslogtreecommitdiff
path: root/trust.mdwn
blob: 46c762f064f4839a512e2af4ee0da8f58878757b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[[meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]

[[meta license="""[[toggle id="license" text="GFDL 1.2+"]][[toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
is included in the section entitled
[[GNU_Free_Documentation_License|/fdl]]."]]"""]]

The word trust is used in a number of contexts with different technical meanings.
Sometimes it is used to confuse, for instance trusted computing is rarely about
providing users reason to trust that software they are running does not violate
their intents but about providing a mechanism for a third party to verify
that software that runs on a remote computer obeys him or her rather than the
user.

When we say that a program trusts another, we mean that [[correctness]] of the
former depends on the cooperation of the latter.  For instance, when a user runs
ssh, the user's intention is that all communication is encrypted.  In this case,
the user trusts that the ssh binary respects this intent.  In Unix, a program's
[[tcb]] consists not only of the kernel (and all the drivers,
file systems and protocol stacks that it contains) but every program running
under the same UID; it is impossible to protect against 
[[DestructiveInterference]] from programs running under the same UID.