On 02/01/2012 08:45 PM, Jon Callas wrote:
> I still claim that we should not go near trustworthiness because I'd rather 
> come up with one good solution than several vague ones. The PKI debates of 
> fifteen years ago bit off more than they could chew, and that's part of why 
> we're here. I think we need to do less before we do more.

I think there's an underlying tension in this discussion between two
ways of seeing what we're trying to do:

 0) we're trying to build one global mechanism for peer authentication
that will work automatically for everyone, without any per-user adjustment

 Vs.

 1) we're trying to build mechanisms for peer authentication that will
allow tools to reflect the decisions and perceptions of trustworthiness
made by their users


(0) seems kind of like the holy grail most folks would like to see, and
it would be very cool if things could Just Work like that.  But i think
it's a dangerous goal.

It's dangerous because (0) seems to imply that all users face the same
threats, have the same levels of acceptable risk, and share the same
interests.  This just isn't true in the real world, even in the limited
domain of verification of identity assertions.

If i'm an agent of the Central Council of Orgoreyn, i will be willing to
accept different assertions of identity than if i work for the Imperial
Court in Karhide.  I may even have special access to some identity
certification material that my counterpart in Karhide does not (and vice
versa).  And if i'm an independent agent, unaligned (and potentially in
conflict) with both regimes, then my assessment of any particular claim
of identity will be different still.

Designing a system that assumes all users will be willing to accept a
single global identity authority (or set of identity authorities)
without any reflection of the user's particular circumstances is a
mistake.  In particular, it seems likely to make the system be
unreliable for people who are already marginalized, or for people who
are in opposition to powers who have some control over the global
identity authorities.

So that leaves us with option (1), which has the sticky issue of needing
to gather these personal/idiosyncratic requirements from users and
interpret them into some sort of coherent technical policy.  I know we
can't solve those UI issues on this list, but i'd hope that any proposed
solutions will at least consider the need to adjust for the user's
circumstances and propose some kind of reasonably coherent policy
approach to account for those circumstances.

        --dkg
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
