On Oct 22, 2013, at 9:33 AM, Phillip Hallam-Baker <[email protected]> wrote:
> Trust is not transitive but cost measures are pretty stable
>
> Producing a web of trust with a thousand bogus entries costs essentially
> nothing
>
> Producing such a web with twenty links to verified parties is much
> more expensive
>
> Incidentally, I can't claim any originality for the extended work
> factors I use as it happens. Although I came to them independently it
> turns out that a co collaborator had gone so far as to organize an
> event on the topic,
>
> But what I had not appreciated earlier is just what a difference it
> makes to cast the web of trust problem in terms of a work factor
> metric and introduce a combination of peer and ttp trust providers.

Dear Phillip,

Some hope to establish defenses for services that lack mandatory authentication. Without authentication, any possible reaction would be based on unconfirmed suspicions as the only rational response.

Lack of authentication is often justified as a means to provide anonymity. While enabling individual anonymity is fine, those managing a system that may initiate abuse must be authenticated and held accountable (to be responsive to reports of abuse). Only those managing a system should be expected to attribute individual abuse based on internal accounts. As such, this management can be done with anonymity as well.

Developing a group form of reputation for unauthenticated services as a means to avoid liabilities for errors made in identifying suspected abusive actors assumes dilution of these errors is a solution. This approach cannot be fair and represents a dangerous, easily poisoned system.

Regards,
Douglas Otis

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
