[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: acceptance&commitments over trust
-----BEGIN PGP SIGNED MESSAGE-----
At 04:08 PM 3/30/98 -0800, Tony Bartoletti wrote:
>Dispense for the moment with the word "trust". Consider instead the term
>"enlightened reliance".
>
>Of course, we are interested directly with commitments, contracts and
>liabilities. But any reliance on these *presumes* other fundamentals.
>"With whom did I commit?" "What evidence leads me to believe so?" "How
>did this evidence come into my possession?" "Through what channels?"
The only problem I have with your wording is that the word "whom" suggests
to most people a name. The answer to your first question is "the keyholder
of key X at time T". Tying that to "keyholder X at time T' " or to some
flesh&blood person is yet to be determined. It is not always necessary
to tie (keyholder (X)) to any 3D-world person.
>Much of this seems beyond the immediacy of public keys, digital signatures
>and certifications. It deals more generally with the underlying structure
>(or lack of structure) for managing the histories of evidence that lead us
>to make decisions regarding the employment of keys and certificates.
Yes.
>At present, we float in a sea of data, and grasp at near-term facts that
>appear on the surface to support our decision-making. We do this out of
>our (human) memory and generally ignore the historical dependencies that
>lead us to take as facts this data. Too much baggage to hold onto using
>(human) memory, or to deal with using just our wits.
>
>And yes, as Bob Jueneman often puts it, "so commerce is impossible" ;)
It probably would be if it weren't for the fact that almost everybody
is honest.
>Of course we'll get by without a deeper decision-making foundation, for
>a while at least. But as we delegate more and more decisions to software
>automatons, we may have to codify these reliance measures with a more
>comprehensive methodology. Will Ed's stuff do this for us? I don't know.
>I can barely understand it. But I can't get myself to ignore it, and I
>won't ignore it simply because it makes my head hurt.
Ed's stuff is fascinating, but it strikes me as an intellectual exercise
inspired by a false premise: that unqualified "trust" is something we can
define. My claim is that the word "trust" was used in crypto research
papers the way a mathematician uses any variable in an expression. It's
intended for the user to fill in -- while the researcher didn't need to know
what it means in order to show how sloppy crypto or protocols can violate it
-- which was the point of such papers. My suspicion is that a bunch of
people assume the naked word "trust" must mean something, so they're busy
trying to define it carefully -- rather than use it as the unbound variable
it was meant to be.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNSBqRxN3Wx8QwqUtAQFIXQP9HgzC15kpb2OUqRb+0kXMWJmATdYxlAzs
6y1RuSmw6x25NuOzl74OgAPTvFBEa2kElU10DwvcIWX7mr4S1Fw9kSzeXhvScFE6
BJm5V+qYs45bQOWCZOKkemtx2JWnmQ6ktAqReGhsZhPTKVwxcUQYF6/RllIcCYo+
nF33J+2j0Q4=
=jyyC
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups:
References: