On 04/03/2010 08:23, synx wrote: >> CAcert has a large body of Assurers (3401 yesterday) who run around the >> planet checking your "identity" and other things, p2p but also >> face2face. > > My biggest problem with CACert (no offense) is that it still relies on > centralized identity collection mechanisms, such as a driver's license, > birth certificate, or other form of government ID.
Sure, no offence. To clarify CAcert's position, and to follow up on this tiny distraction from the thread ... it wants to free up the crypto infrastructure that is in browsers and mailers, so as to assist people with threats like phishing and so forth. One way to free up that crypto is to be a CA. Wanting to get the security to the users above other priorities is probably something a lot of the open world shares, this is just a different path. Call it "playing by their rules." So, following the school of "playing by their rules," CAcert does indeed seek to rely on classical centralised identity documents. To some extent, CAcert chose that way, in order to not make it's job even harder (consider who it is up against). Even more fun, even that has limits which are rather sad, so CAcert had to do other things as well in order to make the myth of "papers" work out at all. Which is to say, CAcert does not treat as religious the reliance on those documents. It's just where it's at now. In time, it will be stronger than that. > I'm proposing a > different mechanism, where people could start with a blank identity > whenever they wanted, but build up a reputation for that identity by > doing benevolent acts over time. I've worked in things like that. I can think of three or four times where the whole lot collapsed ... because someone breached the trust, and stole the honey pot. The problem with a reputation built from positive acts is that it is unbalanced, and people tend to impose valuations over it that assume the ability to punish, wrongly. > Relying on a government ID relies > obviously on the government, so wouldn't work in destabilized areas, nor > would it work in stable areas where the government has been taken over > by powerful oligarchs who resort to assassination of public figures to > make sure their puppet leaders don't step out of line. What I'm saying > is government itself is a weak point, a vulnerability that may be > compromised by people accumulating wealth and power. Relying on them and > not on one's own actions that have been signed by one's own key, is a > mistake in my opinion. Maybe not on the short term, but in the long run > it just defers and amplifies the act of betrayal. Instead of ripping us > off at the soda stand, the betrayers instead slowly compromise the > government and engineer a total economic collapse. (except for them of > course) I don't disagree, and would just point out that CAcert has gone half way to unlinking itself from those shackles. We actually don't rely on government Id nearly as much as people might think. I can't predict the future, but I wouldn't shed a tear if the other half was achieved. >> makes a ruling. The ruling has some teeth, because the Arbitrator can >> award a fine of up to 1000 euros, not that this has happened as yet. > > Uh, where does the money go? Wherever the Arbitrator says it goes. > I'm all for discouraging people from > running scams on the CACert network, but I have enough bad experiences > with the Guilt Industry What's the Guilt Industry? > that I have to ask what you would do with that > money, and how it would avoid motivating you to encourage trust failure > or continue to raise the arbitrary penalty fees. Oh, you mean, CAcert would run around hitting people with "speeding fine" for revenue raising purposes. What stops that (or addresses it) is that (nearly) all the rulings are open, readable. It's definately possible, but I think it is the least of our problems right now, give it another decade :) >> We have established a thing called CAcert Assurer Reliable Statement, or >> CARS for short. If we request some form of "proof" or evidence, we can >> simply ask any Assurer to go research or do something, then report back. >> And add CARS to the end, signifying that the author will stand by the >> words. (We also often sign these things digitally.) > > That's a good idea! "Benevolent acts" don't necessarily have to be > heavily resource intensive, like building a house. It could be as simple > as helping someone out with their book report. Even researching > something relatively common would establish them as capable of producing > complete sentences and communicating with you in a civil manner. > >> No longer are we talking about some volunteer with a penguin >> t-shirt, > > For the record I do not have a penguin t-shirt. :) >> catalogue what trust meant, instead we created a vector, a message, that >> can be used for anything ... but carries weight. > > So basically what you're saying is... you created money. Ha! We haven't priced this message, so is it money? iang _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
