From: “Frank O’Dwyer” <fod@brd.ie>
To: “‘Cypherpunks Mailing List’” <cypherpunks@toad.com>
Message Hash: 718f8c73d1f89af2b5c75f8e1863477b3be84502db6b71a2555565d8f6e6bb5e
Message ID: <01BADCE4.66BC9880@dialup-100.dublin.iol.ie>
Reply To: N/A
UTC Datetime: 1996-01-07 14:33:44 UTC
Raw Date: Sun, 7 Jan 1996 22:33:44 +0800
From: "Frank O'Dwyer" <fod@brd.ie>
Date: Sun, 7 Jan 1996 22:33:44 +0800
To: "'Cypherpunks Mailing List'" <cypherpunks@toad.com>
Subject: RE: "trust management" vs. "certified identity"
Message-ID: <01BADCE4.66BC9880@dialup-100.dublin.iol.ie>
MIME-Version: 1.0
Content-Type: text/plain
On Sunday, January 07, 1996 12:22, Futplex[SMTP:futplex@pseudonym.com] wrote:>Frank O'Dwyer writes:
>[I've adjusted the line breaks for those of us with 80-column displays]
Apologies - this mailer doesn't give me any indication
where the margin is.
[...]
>>a signator's job in signing for my identity is
>> easier (and less risky) than signing for my trustworthiness.
>I am doubtful. I can't vouch for the identities of very many people on this
>list. (I've even met, e.g., Lucky in person and I certainly have no clue
>what his verinym might be, nor do I particularly care.) On the other hand, I
>am willing to sign onto all sorts of judgements about the trustworthiness of
>various people on the list, and other aspects of their reputations. I've
>driven hundreds of miles based on trust developed online with people whose
>identities I still haven't verified. I've even agreed to loan hundreds of
>dollars to someone I knew only as an online pseudonym.
I'm not saying that trust requires identity (it obviously doesn't,
since we all make trusted cash transactions all the time
without having to produce any id.). But it is usually easier to
determine (and vouch for) who a stranger is than how trustworthy
they are, if only because there are quick and easy real-world
mechanisms for this (driver's licence, passport,etc.). That's all
I meant.
(BTW, can you lend me a few bucks? :-)
[...]
>I am swayed by the view expounded by Carl Ellison that a key, not an
>identity, should be the anchor to which attributes are attached. (Sorry if
>I am misstating or oversimplifying the position here.) I think identity
>should be hung off the key as just another (optional) attribute.
That's an extremely useful way of looking at it, I agree.
But the lifetime of a key is often less than that of some
attribute. It's easy to imagine one email address having
a succession of keys. But then again, one might
acquire and discard email address more often than
keys (I've gone through three addresses in the last year
or so). So perhaps a better model is just a loose
assocation of attributes, with "key(s)" and "identity(s)"
being two very interesting ones, but no one attribute
being primary all the time.
(I'm thinking out loud here -- I'm actually trying to come
up with some C++ classes for this sort of stuff, so this
discussion is pretty interesting to me. Thus far, I'd got
to the model you describe - a key has a bunch of
attributes, one them identity. But now I'm thinking that
this maybe isn't enough, and an 'identity-centric' view is
also needed. Perhaps there should be multiple views
into the same data?).
>I think your comments apply pretty well to trust relationships in the flesh,
>but don't fully take the net into account.
Right. I was only talking about 'verinyms', really.
Cheers,Frank O'Dwyer
fod@brd.ie http://www.iol.ie/~fod
Return to January 1996
Return to ““Frank O’Dwyer” <fod@brd.ie>”
1996-01-07 (Sun, 7 Jan 1996 22:33:44 +0800) - RE: “trust management” vs. “certified identity” - “Frank O’Dwyer” <fod@brd.ie>