That is a good point, and one that threatens to create a whole new chapter.
First, replying to Jon, what we are managing is not risk itself but the cost imposed by the possibility of unintended outcomes. If the guy is jumping out of a skyscraper and does not intend to make himself into people pancake on the pavement, then he has a 100% probability of realizing a major unintended outcome. We could maybe come up with a precise term but the key point is that the objective is to minimize the costs imposed by the unintended outcomes. That is the way the system was originally designed and it is still the right way to design the system. What has changed is that a hundred million people now carry mobiles with cameras and so suddenly the dwindling number of dictatorships are discovering that they are now accountable for every atrocity their security forces commit on camera. So looking at the point Thomas raises, I think it makes the point about costs quite clearly. Alice is a patient Bob is Alice's doctor Carol is an outsource provider of patient records management systems. Alice trusts Bob with her life (quite literally). Bob has a professional duty to maintain Alice's confidentiality plus a huge business incentive to do so. As a consequence Carol has to do more than merely demonstrate to Bob that she can maintain the records more securely than Bob could by himself because Bob has to justify the situation to Alice (and hundreds of other patients). If he has to talk to every patient and it takes him 5 minutes, he has just lost a week of working time he could have been making money in. If that scheme is going to work at any level it is going to require some sort of standard controls that Carol can be evaluated against On Wed, Feb 1, 2012 at 11:35 AM, Thomas Hardjono <[email protected]> wrote: > > >> -----Original Message----- >> From: [email protected] [mailto:therightkey- >> [email protected]] On Behalf Of Jon Callas >> Sent: Wednesday, February 01, 2012 3:28 AM >> To: [email protected] >> Subject: Re: [therightkey] Will the real RPF please stand up? >> >> >> On Jan 31, 2012, at 7:35 PM, Phillip Hallam-Baker wrote: >> >> > I don't see the problem with defining the term 'trustworthy' >> > >> > Risk = Cost imposed by likelihood of probable loss. >> > Trust = Confidence with which risk is assessed. >> > Trusted = An entity that is relied on to mitigate risk (whether >> > trustworthy or not). >> > Trustworthy = An entity that meets rational criteria for risk >> mitigation. >> > >> > We could wordsmith the definitions, but I think we can probably > agree >> > on the general principles. >> > >> > The problems stem from the fact that risk is a very complex > function. >> > It is not merely probability * probable loss since in a real world >> > situation both are continuous functions, I might suffer $100 loss >> > with probability X, and a $1000 loss with probability Y and so on. >> > >> > And it is not just the expected loss that is the issue but the > cost >> > that expected loss would impose on my business. My probability of > a >> $1 >> > million loss might be 0.1% but the cost that potential imposes on > my >> > business might be much higher than $1000. >> > >> > >> > I think we should also be able to come to agreement that even > though >> > we can define the terms, we can't expect to come to precise >> > measurements, or even particularly satisfactory measurements. If > we >> > could do that we would be in the regular business of insurance. >> > >> > In particular, insurance companies have always avoided writing >> > policies on acts of war. The reason being that the probable losses >> > simply do not follow a predictable pattern. Losses due to theft > and >> > even natural causes follow reasonably predictable patterns. >> > >> > We are now dealing with politically motivated attacks and so we > end >> up >> > with probabilities that don't fit a mathematical model and losses >> that >> > don't have a monetary value. >> >> I don't buy it. >> [cut] >> >> And keys are just labels. I'm enough of an SPKI revanchist to say > that >> keys are just names or labels. You can no more determine >> trustworthiness from a mere name than you can tell a book by its > cover. >> To talk about trust, let alone trust*worththiness*, you're talking >> reputation. And what we mean by reputation is not merely certainty > but >> certainty of a desirable outcome. Reputation and risk diverge when >> there's a low risk of a good outcome. >> >> That's why we really shouldn't touch it, unless we're going to truly >> talk about the counterintuitiveness of a bad reputation being one > that >> has low risk. >> >> Jon >> > > Phil, > > I read through of your PDF docs. > > Jon brings-up a point related to trust and reputation. What is not > shown (or simply assumed) in the Four Corners model is that a huge > amount of legal foundation (what I call "Social Trust") exists in the > banking world (where the four corners model exists). > > The folks working on the "post-Liberty" (my term) identity protocols > and federation have learned over the last 10 years or so that a "Trust > Framework" (ala FICAM) is needed to being together Technical Trust and > Social Trust. Otherwise the eco-system simply does not start working. > Bilateral contracts just don't scale. > > Thus what I think is missing from this proposal is a recognition for > the need of a "Trust Framework" that will define the obligations of > all the participants in your ecosystem (eg. the CAs, DNS server > operators, ICANN, etc. etc.). Developing a Trust Framework for the > next-generation internet infrastructure would be a great leap forward > for the IETF. Otherwise, we just get stuck in the nuts-and-bolts of > yet more "technical trust" (yet another set of protocols to do XYZ). > > /thomas/ > > > __________________________________________ > Thomas Hardjono > MIT Kerberos Consortium > email: hardjono[at]mit.edu > desk: +1 617-715-2451 > __________________________________________ > > > > > > > > > > _______________________________________________ > therightkey mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/therightkey -- Website: http://hallambaker.com/ _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
