From: Hal <hfinney@shell.portal.com>
Date: Sat, 3 Sep 94 08:38:29 PDT
To: cypherpunks@toad.com
Subject: Re: Problems with anonymous escrow 2--response
In-Reply-To: <199409012015.NAA08436@deepthought.pylon.com>
Message-ID: <199409031538.IAA03232@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought Blanc Weber made a good point when he wrote:

>Well, I was thinking that certifications & reputations wouldn't 
>mean all that much to me, nor either knowing or being 
>unfamiliar with someone's identity (or pseudonymity).  I would 
>be more convinced with a demo.  Something which could 
>demostrate facility or ability would be more valuable to me 
>than a second-hand proof.

This is similar to Tim May's suggestion for a credential-less society
(as far as possible).  Rather than trying to carry around a lot of
baggage in the form of certifications, credentials, reputations, etc.
(anonymous or not), people structure their affairs in such a way that
transactions can be completed using just the information at hand.
Blanc's idea for immediate demos to demonstrate competency could tie
into this nicely.

>This anonymity/identity and certification/reputation business 
>looks to me like trying to have one's cake and eat it, too, as 
>the expression goes.  A featureless landscape with remote 
>associations to actual substance so as to both please the 
>aloof-ers & appease the uncertain.

I didn't quite follow the rest of Blanc's message (a problem I have, I'm
afraid, with many of his postings) but I do agree that there are problems
with the use of reputations as a catch-all to solve the problems of
anonymity.  Faced with the ease of unpunished cheating in an anonymous
relationship, people introduce the idea of reputations, sometimes called
"reputation capital", and assert that cheaters would in fact be punished
by damage to their reputations, the loss of reputation capital.

What is this stuff, reputation capital?  What does it look like?  How can
it be measured?  How much is it really worth?  I think this concept needs
to be clarified and examined if it is to serve as one of the principle
foundations of pseudonymous commerce.  (I know there is a concept in
modern finance which attempts to measure the economic value of a firm's
reputation, called, I think, "good will", but I don't know how similar
that would be to what we are talking about.)

One question is, to the extent that a "piece of reputation capital" is an
actual object, a digital signature or token of some sort, how heavily
linked is it to a given owner?  If I run two pseudonyms, Bert and Ernie,
and Ernie earns a piece of reputation capital, can he securely transfer
it to Bert and have Bert show it as his own?

On the one hand, we would not want this to be so (or, expressed in less
normative terms, people would probably be uninclined to put much value on
reputation capital which had this mathematical structure).  If the
purpose of reputation capital is to, in effect, punish cheaters, this is
defeated to a large extent if it can be transferred.  Ernie can earn
a reputation, cheat, and then have Bert show the good aspects of Ernie's
reputation while being unlinkable to the bad.  Going back to the earlier
discussion of anonymous escrow agents this would seem to make it far too
easy for dishonest agents to succeed.

On the other hand, untransferrable credentials are undesirable from the
point of view of privacy.  That was the whole point of Chaum's work on
pseudonyms and credentials.  If pseudonym credentials are untransferrable
we have a problem where information builds up about a pseudonym that is
very nearly as bad as a completely identified system.  It is true that at
least the ultimate linkage between pseudonym and physical body is broken,
but to the extent that your on-line activities _are_ your pseudonym, it
is no more desirable to allow dossiers to be built up about your on-line
personality than your off-line life.

Chaum's system worked in large part because it was ultimately grounded in
an identity-based system.  People could have credentials and transfer
them, but there were limits on the types and numbers of pseudonyms you
could have.  I think these kinds of restrictions could limit some of the
problems which arise with transferrable reputation credentials, although
the general problem of "negative credentials", which is really another
word for the problem of punishing cheaters, was not fully solved by
Chaum's approach, at least not in a way that I understood (he wrote as
though he had solved it).

One final point I'd make is that Tim's idea about avoiding credentials,
along with the points Blanc made, is attractive but there do seem to be a
lot of situations where credentials are shown in life.  When that is
necessary it is tempting to fall back on a trusted authority, the
anonymous escrow agent or perhaps Jason Solinsky's cyberspace government,
but I think you still have the problem of those authorities proving their
honesty.  So the problems of credentials and reputations are still
present.

Hal