I do see a problem with defining the term 'trustworthy', because it's reinventing the wheel. It's already been defined in law as "fiduciary". This is the kind of relationship you have with your doctor, your lawyer, your accountant, your bank, your insurance company, even your cemetery, every one of them regulated to a minimum standard of professional competence to protect your relationships with them from disclosure.

There's at least one US state (Nevada) which has laws which relate to Certification Authorities (NRS chapter 720). Their implementing regulations (NAC 720) are very strong and well-designed, and focus on the things that should be focused on for CAs (including licenses). The downside is that it's a $10k fee for the license, annually, and I have no idea how anyone could be expected to make any kind of profitable business in those conditions.

We're developing systems which need to work in the real world. The real world already knows how to deal with paper, and the courts already know how to deal with paper. What we need to do is figure out a means to bring crypto practice more in line with the kinds of due diligence and privacy already expected of paper.

In the US, it's a felony to tamper with or interfere with the delivery of paper mail (Postal Act). It's also a felony to attempt to bypass a technological protection measure, such as encryption (DMCA). It's not a felony to read unencrypted bits on the wire.

Shouldn't we be trying to create stronger protections for our users, instead of wrangling over poorly reinventing the brittle wheel?

-Kyle H

On Tue, Jan 31, 2012 at 7:35 PM, Phillip Hallam-Baker <[email protected]> wrote:
I don't see the problem with defining the term 'trustworthy':

Risk = Cost imposed by likelihood of probable loss.
Trust = Confidence with which risk is assessed.
Trusted = An entity that is relied on to mitigate risk (whether trustworthy or not).
Trustworthy = An entity that meets rational criteria for risk mitigation.

We could wordsmith the definitions, but I think we can probably agree on the general principles.

The problems stem from the fact that risk is a very complex function. It is not merely probability * probable loss since in a real world situation both are continuous functions: I might suffer $100 loss with probability X, and a $1000 loss with probability Y, and so on. And it is not just the expected loss that is the issue but the cost that expected loss would impose on my business. My probability of a $1 million loss might be 0.1% but the cost that potential imposes on my business might be much higher than $1000.

I think we should also be able to come to agreement that even though we can define the terms, we can't expect to come to precise measurements, or even particularly satisfactory measurements. If we could do that we would be in the regular business of insurance.

In particular, insurance companies have always avoided writing policies on acts of war, the reason being that the probable losses simply do not follow a predictable pattern. Losses due to theft and even natural causes follow reasonably predictable patterns. We are now dealing with politically motivated attacks and so we end up with probabilities that don't fit a mathematical model and losses that don't have a monetary value.

On Tue, Jan 31, 2012 at 7:29 PM, Jon Callas <[email protected]> wrote:

On Jan 26, 2012, at 2:55 PM, Richard L. Barnes wrote:

As security engineers, our role is to (a) reduce the number of entities we trust; (b) reduce the extent to which we trust the remaining trusted entities; and (c) determine the trustworthiness of trusted entities.

Really?

Yep.

+1 One of the better definitions I've heard. I would question whether (c) is even in scope; seems like a relying party function.

We should run screaming from (c). Not only do there be dragons there, but there be dragons even in saying what "trustworthiness" means. Surely this is not a real-world reputation system.

Jon

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey

--
Website: http://hallambaker.com/
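The point in the quoted message that expected loss (probability times loss) understates what a rare large loss costs a business can be made concrete in a few lines. The following is an added illustration, not code from the thread or from any of its authors: it takes the thread's 0.1% chance of a $1 million loss, adds two smaller constructed scenarios, and compares plain expected loss against a constructed, non-linear "business impact" in which any loss larger than the organisation's reserves also wipes out an assumed enterprise value. The reserve and enterprise-value figures are assumptions chosen for the example.

```python
"""Expected loss versus non-linear business impact for a small loss model.

Added example (not part of the therightkey thread). The scenario list and
the reserves / enterprise-value figures are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LossScenario:
    name: str
    probability: float  # annual probability that the scenario occurs
    loss: float         # direct monetary loss if it occurs, in dollars


# Constructed scenarios; the $1M at 0.1% case is the one from the thread.
SCENARIOS = (
    LossScenario("minor fraud",   0.05,  100.0),
    LossScenario("small breach",  0.01,  1_000.0),
    LossScenario("major breach",  0.001, 1_000_000.0),
)

# Assumed figures for the illustrative business.
RESERVES = 50_000.0           # losses above this cannot be absorbed
ENTERPRISE_VALUE = 5_000_000.0  # what is lost if the business fails


def expected_loss(scenarios=SCENARIOS):
    """Textbook risk: sum of probability * loss over all scenarios."""
    return sum(s.probability * s.loss for s in scenarios)


def business_impact(loss, reserves=RESERVES, enterprise_value=ENTERPRISE_VALUE):
    """Constructed impact function: a loss inside reserves costs its face
    value; a loss that exceeds reserves ends the business, so it costs the
    loss itself plus the enterprise value. This is the non-linearity that
    makes probability * loss a poor proxy for what the business stands
    to lose."""
    if loss <= reserves:
        return loss
    return loss + enterprise_value


def expected_impact(scenarios=SCENARIOS, reserves=RESERVES,
                    enterprise_value=ENTERPRISE_VALUE):
    """Expected business impact: probability-weighted non-linear impact."""
    return sum(s.probability * business_impact(s.loss, reserves, enterprise_value)
               for s in scenarios)


def contributions(scenarios=SCENARIOS, reserves=RESERVES,
                  enterprise_value=ENTERPRISE_VALUE):
    """Per-scenario (expected loss, expected impact) pairs, keyed by name,
    so the reader can see which scenario drives the gap between the two."""
    return {
        s.name: (s.probability * s.loss,
                 s.probability * business_impact(s.loss, reserves, enterprise_value))
        for s in scenarios
    }


if __name__ == "__main__":
    print(f"expected loss:   ${expected_loss():,.0f}")
    print(f"expected impact: ${expected_impact():,.0f}")
    for name, (el, ei) in contributions().items():
        print(f"  {name:14s} loss ${el:8,.0f}   impact ${ei:8,.0f}")
```

Under these assumptions the $1M scenario contributes $1,000 to expected loss, exactly the figure the quoted message cites, but $6,000 to expected impact, because the loss exceeds the reserves and the impact function charges the whole enterprise value on top. The two smaller scenarios contribute identically under both measures, so the entire gap comes from the one rare event, which is the quoted message's point: the cost a potential loss imposes on a business is not recoverable from probability times loss alone.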
