Broken Chains of Trust. To me, it is all make believe | by Vicente Aceituno Canal | The CISO Den | Aug, 2025

To me, it is all make believe

Press enter or click to view image in full size

Have you ever thought about the reasons we trust what we trust on Internet? The reality is surprisingly complicated.

Trust chains are an interesting paradox. Let’s say Alice says “I am Alice to Bob”, how can Bob be sure Alice is who she claims to be? May be can have Charles say “Yes, it is Alice”, and if Bob trusts Charles can take that face value. But how can Bob trust that Charles is he claims to be? Do we need Diana to say “Yes, it is Charles”. Where does the bucket stop?

So it seems that trust need to be bootstrapped with “Known Good” actors.

But a list of “Known Good” actors is not enough. If besides Alice, Bob, Charles and Diana we have Alicia, Roberto, Carlos and Damian, and Charles is in the “Know Good” actors list, an interesting question arises. Can Charles make assertions like “Yes, it is Alice” about people like Alice, Bob, Charles and Diana, or is Charles also qualified to do the same about Alicia, Roberto, Carlos and Damian? Maybe, maybe not.

So what we need of a “Known Good” actor list with a definition of the scope they are qualified to make assertions about. The following question in the rabbit hole is, who says what scope is each Known Good actor qualified to vet. So now we have “Known to Know who is Good for what” list.