> -----Original Message-----
> From: [email protected] [mailto:therightkey-[email protected]] On Behalf Of Jon Callas
> Sent: Wednesday, February 01, 2012 3:28 AM
> To: [email protected]
> Subject: Re: [therightkey] Will the real RPF please stand up?
>
> On Jan 31, 2012, at 7:35 PM, Phillip Hallam-Baker wrote:
>
> > I don't see the problem with defining the term 'trustworthy'.
> >
> > Risk = Cost imposed by likelihood of probable loss.
> > Trust = Confidence with which risk is assessed.
> > Trusted = An entity that is relied on to mitigate risk (whether trustworthy or not).
> > Trustworthy = An entity that meets rational criteria for risk mitigation.
> >
> > We could wordsmith the definitions, but I think we can probably agree on the general principles.
> >
> > The problems stem from the fact that risk is a very complex function. It is not merely probability * probable loss since in a real-world situation both are continuous functions; I might suffer a $100 loss with probability X, and a $1000 loss with probability Y, and so on.
> >
> > And it is not just the expected loss that is the issue but the cost that expected loss would impose on my business. My probability of a $1 million loss might be 0.1%, but the cost that potential imposes on my business might be much higher than $1000.
> >
> > I think we should also be able to come to agreement that even though we can define the terms, we can't expect to come to precise measurements, or even particularly satisfactory measurements. If we could do that we would be in the regular business of insurance.
> >
> > In particular, insurance companies have always avoided writing policies on acts of war. The reason being that the probable losses simply do not follow a predictable pattern. Losses due to theft and even natural causes follow reasonably predictable patterns.
> >
> > We are now dealing with politically motivated attacks and so we end up with probabilities that don't fit a mathematical model and losses that don't have a monetary value.
>
> I don't buy it.
> [cut]
>
> And keys are just labels. I'm enough of an SPKI revanchist to say that keys are just names or labels. You can no more determine trustworthiness from a mere name than you can tell a book by its cover. To talk about trust, let alone trust*worthiness*, you're talking reputation. And what we mean by reputation is not merely certainty but certainty of a desirable outcome. Reputation and risk diverge when there's a low risk of a good outcome.
>
> That's why we really shouldn't touch it, unless we're going to truly talk about the counterintuitiveness of a bad reputation being one that has low risk.
>
> Jon
Phil,

I read through your PDF docs. Jon brings up a point related to trust and reputation.

What is not shown (or simply assumed) in the Four Corners model is that a huge amount of legal foundation (what I call "Social Trust") exists in the banking world (where the four corners model exists).

The folks working on the "post-Liberty" (my term) identity protocols and federation have learned over the last 10 years or so that a "Trust Framework" (à la FICAM) is needed to bring together Technical Trust and Social Trust. Otherwise the eco-system simply does not start working. Bilateral contracts just don't scale.

Thus what I think is missing from this proposal is a recognition of the need for a "Trust Framework" that will define the obligations of all the participants in your ecosystem (e.g. the CAs, DNS server operators, ICANN, etc. etc.).

Developing a Trust Framework for the next-generation internet infrastructure would be a great leap forward for the IETF. Otherwise, we just get stuck in the nuts-and-bolts of yet more "technical trust" (yet another set of protocols to do XYZ).

/thomas/

__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
email: hardjono[at]mit.edu
desk: +1 617-715-2451
__________________________________________

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
