On Feb 1, 2012, at 10:43 AM, Phillip Hallam-Baker wrote:
> That is a good point, and one that threatens to create a whole new chapter.
>
>
> First, replying to Jon, what we are managing is not risk itself but
> the cost imposed by the possibility of unintended outcomes. If the guy
> is jumping out of a skyscraper and does not intend to make himself
> into people pancake on the pavement, then he has a 100% probability of
> realizing a major unintended outcome.
>
> We could maybe come up with a precise term but the key point is that
> the objective is to minimize the costs imposed by the unintended
> outcomes. That is the way the system was originally designed and it is
> still the right way to design the system.
>
> What has changed is that a hundred million people now carry mobiles
> with cameras and so suddenly the dwindling number of dictatorships are
> discovering that they are now accountable for every atrocity their
> security forces commit on camera.
Phill, this is a great answer. I'll claim that it's just not the right question.
The Right Key has nothing to do with safe user experiences. Marginally, we
could address the sort of question such as "what does the SSL lock *mean*?" but
even that's pretty ill-defined. It also goes beyond whether trustworthiness
(whatever it means) is within scope.
I still claim that we should not go near trustworthiness because I'd rather
come up with one good solution than several vague ones. The PKI debates of
fifteen years ago bit off more than they could chew, and that's part of why
we're here. I think we need to do less before we do more.
Jon
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
