Local man thinks trust is not transitive
February 24, 2012  

Like an Onion article, the title of this post is funny because it’s true.

I keep running into the “trust is not transitive” meme: If I trust Alice, and Alice trusts Bob, it does not mean that I trust Bob.

Well, I get that, but on the other hand, if I trust Alice with my password, and Alice trusts Bob with my password, then I’m out of luck. There’s no way to prevent this kind of “transitivity”. In security, that’s the bottom line.

So, please don’t use this meme because it’s simply not helpful.

As an aside, does anyone know where the notions of trust and transitivity were first discussed? This paper points to Thompson’s Reflections on Trusting Trust, but the word “transitivity” does not appear there.