At 05:08 PM 3/10/00 -0500, Arnold G. Reinhold wrote:
>At 12:55 AM -0600 3/10/2000, John Kelsey wrote:

[stuff deleted]

>>>You may be right in practice, but it seems to me that a
>>>major goal of crypto research is to figure out how to do
>>>things in a way that does not rely on contract law and other
>>>forms of "trust me."

>>I have mixed feelings about this.  On one hand, the legal
>>system in the US looks fundamentally broken to me.  On the
>>other, even massively overworked, corrupt, or incompetent
>>judges are *human*.  We are on the verge of building
>>computer systems which are intentionally outside the reach
>>of any human control.  We've done this to some limited
>>extent now with anonymous remailers and even the internet.

>Scientific research is generally conducted on the premise
>that humanity is better off knowing more than less.
>Certainly many have questioned this assumption in other
>contexts, including nuclear power, germ warfare and DNA
>research.  I don't propose to have that debate here.

Nor do I.  But there's a related engineering question:  Does
it make sense to build large systems in which there's no way
for humans to overrule the actions of programs once they're
set in motion?  *That* is the question I'm raising, not
whether mathematicians and scientists should have tried to
somehow suppress the research that has made this possible.
It's clearly possible; that doesn't mean it's a good idea to
design systems like this.

To use a more common example, I believe there were some cars
(maybe experimental, I don't know) which would simply refuse
to start the ignition until all passengers had their
seatbelts on.  There's no doubt that it's possible to design
such a car.  But you couldn't sell them without making it
illegal to buy any other car, and users would flock to
mechanics to have the feature removed in droves, regardless
of the law.

I think it's dangerous to design important systems which
totally and irrevocably substitute the judgement of the
designers of the system at the time it was implemented for
the judgement of any human subsequently alive.  At the same
time, there are some systems which probably have to be
designed this way, such as strong anonymous remailers.  But
the longer the delay between when the request is written and
when it's fulfilled, and the larger the stakes of whatever
the system is doing, and the more complex the possible
requests, the less comfortable I am with it.

...
>On the whole, I think an unbreakable time-escrow service
>would be a plus if it could be done (a big "if").  In
>particular it provides a solution to the lost key problem.
>I'd be interested in hearing arguments to the contrary.

I actually think it would be a plus, too, and I've some
ideas for making it work better I'd like to bounce around
someday when I have some spare time.

>Arnold Reinhold

--John
