[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: acceptance&commitments over trust

Carl Ellison wrote:

> At 04:08 PM 3/30/98 -0800, Tony Bartoletti wrote:
> >Dispense for the moment with the word "trust".  Consider instead the term
> >"enlightened reliance".
> >
> >Of course, we are interested directly with commitments, contracts and
> >liabilities.  But any reliance on these *presumes* other fundamentals.
> >"With whom did I commit?" "What evidence leads me to believe so?"  "How
> >did this evidence come into my possession?"  "Through what channels?"
> The only problem I have with your wording is that the word "whom" suggests
> to most people a name.  The answer to your first question is "the keyholder
> of key X at time T".  Tying that to "keyholder X at time T' " or to some
> flesh&blood person is yet to be determined.  It is not always necessary
> to tie (keyholder (X)) to any 3D-world person.

Seems to me it should be "with what" did I commit, since to have any real legal
impetus the context of the "corporate individual" has to resolved. This is more
a treaty issue seems to me.


> >Much of this seems beyond the immediacy of public keys, digital signatures
> >and certifications.  It deals more generally with the underlying structure
> >(or lack of structure) for managing the histories of evidence that lead us
> >to make decisions regarding the employment of keys and certificates.
> Yes.

Yes but these have to be based upon some proofing model, lest they cannot be

> >At present, we float in a sea of data, and grasp at near-term facts that
> >appear on the surface to support our decision-making.  We do this out of
> >our (human) memory and generally ignore the historical dependencies that
> >lead us to take as facts this data.  Too much baggage to hold onto using
> >(human) memory, or to deal with using just our wits.
> >
> >And yes, as Bob Jueneman often puts it, "so commerce is impossible" ;)
> It probably would be if it weren't for the fact that almost everybody
> is honest.
> >Of course we'll get by without a deeper decision-making foundation, for
> >a while at least.  But as we delegate more and more decisions to software
> >automatons, we may have to codify these reliance measures with a more
> >comprehensive methodology.  Will Ed's stuff do this for us?  I don't know.
> >I can barely understand it.  But I can't get myself to ignore it, and I
> >won't ignore it simply because it makes my head hurt.

How about a simple set of uniform stratified trust models. Bring Authentication
and certifiable time/timestamping into the picture and non-repudiable models ae
not so far fetched. For certain closed topologies/sysems they would only need
the certified time for their trust transport enable.

> Ed's stuff is fascinating, but it strikes me as an intellectual exercise
> inspired by a false premise: that unqualified "trust" is something we can
> define.  My claim is that the word "trust" was used in crypto research
> papers the way a mathematician uses any variable in an expression.  It's
> intended for the user to fill in -- while the researcher didn't need to know
> what it means in order to show how sloppy crypto or protocols can violate it
>  -- which was the point of such papers.  My suspicion is that a bunch of
> people assume the naked word "trust" must mean something, so they're busy
> trying to define it carefully -- rather than use it as the unbound variable
> it was meant to be.
>  - Carl
> Version: PGP for Personal Privacy 5.5.3
> 6y1RuSmw6x25NuOzl74OgAPTvFBEa2kElU10DwvcIWX7mr4S1Fw9kSzeXhvScFE6
> BJm5V+qYs45bQOWCZOKkemtx2JWnmQ6ktAqReGhsZhPTKVwxcUQYF6/RllIcCYo+
> nF33J+2j0Q4=
> =jyyC
> +------------------------------------------------------------------+
> |Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
> |CyberCash, Inc.                      http://www.cybercash.com/    |
> |207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
> |Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
> +------------------------------------------------------------------+