[wellylug] Re: CA-CERT Assurance

Fri Jun 4 11:39:23 NZST 2004

> Hi,
> 
> Due to the lack of interest in free digital certificates (zero responses) 
> the CA-Cert Assurers will not attend WLUG meetings to performance 
> assurances.
> 
> The lack of interest is disappointing (almost as disappointing as no-one 
> getting my ":q!" joke!) but understandable. We'll try again in six months 
> or so, when the email signal/noise ratio is exponentially lower there 
> might be a greater need.

I think you just missed the key problem :) Why should we trust *you*? :)

Quite frankly, I am no longer of the opinion that any number of points on a
graph can represent the trust levels that I utilise in daily life. There are
people I would trust with my life but not my wallet, and despite the "certifying
for a purpose" idea or even the PGP style "web-of-trust", nothing really
encompasses that kind of problem.

Points-accumulating systems are far too simplistic for the problem. From an
information-systems view, the barrier to accumulating points is simply not close
enough to the action the points enable. It's closer than buying a certificate
with money, that's for sure, but the link you have formed is:

I trust this person, you should too

Instead of:

This person has done something trustworthy, therefore they can be trusted

Of course, the reason why everyone doesn't do that is, how the hell do you tell
whether someone has done something trustworthy? its a really difficult problem,
so we attempt to use humans to fill in the gap. In theory, you trust someone
*because* they're trustworthy.

This isn't the case however, certainly trust is not..erm..transitive (iirc), in
that if A trusts B, and B trusts C, that does not mean that A can trust C. As a
crude but common example, many of you may well know someone who is a great
friend if you're male, but behaves terribly towards females. In this case, a
female who trusted me, could not trust my friend despite the fact that I can.

This is why, initially at least, all the web-of-trust gear was aimed towards
*identification* rather than trust. You may not be able to trust what C *says*,
but you can trust that they are C, because B has said so. 

Unfortunately, this only works up to one additional level of indirection. You
certainly can't trust D is who C says they are, because we can't trust C at all
despite the fact that B says they are worthy of trust.

Mitigating factors have been designed, public keyservers and the idea that you
should be able to go check up on someone by looking through previous publically
archived email from them with their signature etc, but the essence of the
problem is still that at the 3rd degree, we can't trust anyone, for all we know,
they could be completely fake. We have this theory that by having multiple
people at the "C" level signing "D"'s key, we can trust them further, and this
is true assuming you're not overly paranoid, but this requires a "web", not a
points-based heirarchy.

In the end, I don't think your proposal is a bad idea, I just don't see any
value in it for me. When I needed certs, initially I self signed, and then I
created a full-blown CA. The people who need to trust me can, because I run
their web/email services, and I have many more ways to screw with their lives
than faking CA certificates. Essentially they can rely on me because I have done
something trustworthy, I have forwarded their email and served up their journals
without screwing with them. It's no guarrantee, but short of being able to see
the future, it's the best kind of trust that can be obtained.

Gaining trust is hard work. It's supposed to be. There are no technical
solutions to this problem, semi-rl games with points and digital certs
included.

-- 
Richard Clark,
Analysis and Design,
Red Spider Ltd.
(+64) 021 478 219
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20040604/69dbf99f/attachment.pgp 