1998-10-23 - dbts: Dunkin Donuts, The Mysticism of Identity, Venture Capital,and Talking Frogs

Header Data

From: Robert Hettinga <rah@shipwright.com>
To: Vin McLellan <dbs@philodox.com>, e$@vmeng.com
Message Hash: 8986b24588882178de94266c60d3e7b9c95a105950008d02c254228b53070dee
Message ID: <v04020a04b2561b978874@[139.167.130.246]>
Reply To: <v04003a08b2551ff61c93@[198.115.179.81]>
UTC Datetime: 1998-10-23 16:31:44 UTC
Raw Date: Sat, 24 Oct 1998 00:31:44 +0800

Raw message

From: Robert Hettinga <rah@shipwright.com>
Date: Sat, 24 Oct 1998 00:31:44 +0800
To: Vin McLellan <dbs@philodox.com>, e$@vmeng.com
Subject: dbts: Dunkin Donuts, The Mysticism of Identity, Venture Capital,and Talking Frogs
In-Reply-To: <v04003a08b2551ff61c93@[198.115.179.81]>
Message-ID: <v04020a04b2561b978874@[139.167.130.246]>
MIME-Version: 1.0
Content-Type: text/plain



At 12:18 AM -0400 on 10/23/98, Vin McLellan, speaking for legions of
SDTI/RSADSI fans (and, evidently, retainers), wrote:

> 	Jeeez, I hope no one else sprained a finger getting the current
> stock price for Security Dynamics (SDTI).

:-).

> Robert Hettinga
> <rah@shipwright.com> took certain, ummm, dramatic liberties as he
> paraphrased a Boston Globe column yesterday on Bay State stocks that had
> "been discounted so deeply they raise eyebrows."

Memory is a terrible thing to waste. It was midnight. The newspaper was in
the trash in a Dunkin Donuts in Malden somewhere. So? Shoot me? :-).

> "Security Dynamics Technologies Inc. of Bedford, a leader in computer
> security and encryption, has fallen from an April high of 42 1/2 to 12
> yesterday. It traded as low as 6 two weeks ago."

Close enough for an internet rant, I figure. If I though I needed a fact
checker, I should go write a column for the Globe, right?


Frankly, besides the Globe's greater-fool valuation of Verisign, which I
seem to have left in that wastebasket in Malden where it belongs, I can
hardly tell, in any gross sense, the difference between what I said about
SDTI/RSADSI/Verisign from memory and the extended quote Vin blessed us
with, which I have gratefully snipped here for brevity.

Again, I didn't say that SDTI wasn't making money, or even that it didn't
have a significant amount of cash on hand relative to its book value.
Which, because I'm not looking at their annual report, I don't know for a
fact, so don't, um, quote me; I only know what I remember from the papers.
If in fact SDTI did have a large cash hoard, it would make it a buy even in
Ben Graham's book. Which I said, if you remember. Okay. I inferred it.
Maybe. :-).


My point was, even in these days of sky high multiples, the market is
deeply discounting SDTI to the "consensus" estimate of its future cash
flow. Given SDTI's patent standing, and the extreme amount of substitutive
competition for the patents it does control in the long term, the
"consensus" opinion seems fair to me, including valuing the company, yes,
it *was* two weeks ago, lower than the "value" of it's Verisign investment
alone.

> 	Hettinga essays are like handball games: the damn ball is
> ricocheting off the side walls, both ends, the floor and the ceiling.
> Linear coherence and internal consistency are less important than the
> electrostatic energy and the rolling rhetorical thunder

Marvellous. Glad to give you the exercise. I had fun writing it. Nice to
know you had fun chasing my shots all over the court like that. Should I
spot you a few more points next time, just to make it more interesting?


> 	Hettinga's apparent scorn for modern cryptography's obsession with
> strong authentication  -- now manifest in the intensity with which
> professionals worry the issues around PKC binding, key certification,
> digital signatures, CA procedures (and in the demand for smartcards to
> secure X509 certs apart from the networked CPU) -- bespeaks a truly
> iconoclastic mind.

Thank you. I think.

Look, folks, "strong authentication" is not the problem. It's biometric
*identity* which is the problem. Cryptography gives us the ability to do
away with "identity"-based key-mapping altogether. A key is a permission to
do something specific with a microprocessor, no more, or less. It doesn't
"mean" anything else. Certainly, if you go back and look at the actual,
legal, definitions of "signature", or "certificate", they don't mean what
people like Verisign (or say, the State of Utah) says their authentication
technology does.

No offense to the august people who coined those appelations, including
Whit Diffie, et. al., but the words "signature", or "certificate" just
don't cut it, because they cause more confusion than they may be worth.
(Just like "digital bearer settlement"? ...Naww... :-))


Anyway, control of a given cryptographic key is completely orthogonal to
the idea of identity. You can map an identity to it, but you don't have to,
because possession of the key is "permission", "authority", enough, all by
itself. *Who* you give permission to, by name, fingerprint, or physical
address, doesn't matter. And, possession of that key is *only* a function
of cryptography and networks, and not law or biology.

And, so, the *only* time you need a biometrically-identified key is when
you're doing a book-entry transaction, which has been my point in this
whole discussion. You can't send someone to jail for making the wrong
book-entry unless you know who they are, of course. Fortunately, that will
change someday, and probably sooner than most people in the transaction
settlement business realize.

Frankly, the only people who need to know someone's physical identity, or
care about it, are the people who put money at risk in the first place, and
only until the transacted money in question is in their firm control. The
shorter a transaction's latency, the less you care who you're doing
business with. Ultimately, if you're doing an instantaneous digital bearer
transaction, you don't care at all, because it's underwriter validates the
authenticity of the certificate (real use of the word) at the time of the
transaction, and not the person who's giving them to you. Even your trust
of the underwriter is driven by the reputation of the underwriter's *key*
and not your knowlege of where the underwriter lives, right? I mean, you
can trash the reputation of the underwriter just by presenting
cryptographic proof of of the underwriter's fraud, making the underwriter
lose more, on a net present value basis, than what he would gain from the
value of the transaction in question, or even the pool of money in his
reserve account.


Besides, ultimately, creating hierarchies of "certificates" of those
key-to-person maps, ala Verisign/X.BlaBla, is not only a waste of time
economically, it's downright logically impossible. You run right into
Russell's paradox and Goedel's result, for one thing. At the very least,
you remove all the flexibility which makes the technology useful in the
first place.

So, yes, it's just like putting a giant hydrogen bag on a biplane in a
misguided effort to make it fly better  (to beat my metaphor like a dead
horse). :-). Even Verisign, or Entrust, and certainly not Thawte, don't
claim to sell certification hierarchies anymore. Probably because they ran
smack-dab into a bunch of consistance/completeness paradoxes in trying to
doing so.

The only economical solution, is, of course, short-span *local* trust
networks, where self reference is not a problem because the network makes
no pretensions at completeness. Where a buyer trusts the seller's
reputation to his own satisfaction because people *he* trusts say so, and,
more important, the known public reputation of the seller is a good one.

Certainly not that stranglehold on everyone's internet identity which is at
the heart of whatever valuation the "consensus" currently wants to put on
companies like Verisign.

By the way, an economical solution to the problem, where the seller doesn't
have to trust the buyer at all is, of course, digital bearer settlement.


Anyway, this mystification of identity, particularly on an internet where
it will prove economically foolish to do so, is what I have against the
whole X.BlaBla, Grand Unified Human Namespace Hierarchy folks. They're
chasing unicorns through the mists of Avalon, in my opinion.

In the end, the only relations established by keys to other keys on the net
will be *economic* ones, and I guarantee that the structure of *those*
relationships, once mapped, will *not* be hierarical, and only unified on a
relational basis, in the same way that free economies now function. Nor
will the primary purpose of those keys be to find whatever physical person
is controlling a given key at any point in its (probably short) lifetime.


> 	What tucked me in for the night was the declaration -- from R.H.,
> the avatar of DBTS, e-cash, and geodesic recursive auctions -- that
> (venture) capital is or will be counterproductive to entreprenurial
> enterprise in the New Age. Un huh. Doomed, as well, by the hesitation
> inherent in the merely human minds that control its flow (at least in Rob's
> universe of cybernetic fiscal structures.)

Well, I suppose if I can play fast and loose with the contents of the
august Boston Globe in the middle of the night, you're welcome to
mischaracterize me in the same fashion, but I hope I'm forgiven if I try to
patch it up here, just a little bit.


I think that venture capital spends most of its time thinking about how to
establish industrial-era monopolies on intellectual property in a world
where, eventually, it is only wetware -- skill, if you will -- that will
matter. Software, hardware, and resources will ultimately be dependant
activities and will decrease in relative value over time.

Software will be utterly replicable and will be sold recursively, and
untraceably, on a bearer basis, primarily because that's the cheapest way
to safely trade money for information on a ubiquitous geodesic public
network. Given that the price of information is rediculuously time-driven,
the price-structure software markets will be such that not only will the
only people who make the most money be people who actually *write* software
and not hire it done, and that software will be sold in smaller and smaller
bits because the transaction costs will be so low (hey, don't believe me,
believe Ronald Coase :-)), but, finally, the only way to make *new* money
is to create new software which sells. So, no software monopoly opportunity
there, because, you need wetware to make software, and, in a world of
totally anonymous, and cash transacted, free agency, fun legalistic
attempts at physical control, like non-disclosures and non-competes, not to
mention copyright and patent, will eventually be laughably un-useful.

Eventually, hardware itself will be "made" using software, and the machines
which fabricate hardware itself will themselves be dependant on software
for their own construction. The price of manufacturing falls as a result,
becomes geographically hyperdistributed, and, of course, nobody can control
the production of software, see above. So, no permanent hardware monopoly
there.

Resources are, even now, discovered, grown or extracted using the best
possible information, and in the long run, the best possible software. The
ownership of land, therefore, will be *economically* determined by who has
the best information or software to use it with. Notice that even with a
finite supply of land, the value of a given piece of land's output, in real
prices, has consistently fallen over history, because the value of the
information used to generate that output falls over time as well, and the
productivity gains from the use of that information are relatively
permanent and cumulative. So, no permanent resource monopoly opportunities
in resources, either. Ask your average aristocrat, or even a farmer, if you
don't believe me. :-).


So, yes, I'll let people quibble about how long "eventually" means, or even
what their definition of "is" is :-), and, in that rather large economic
lacuna, you could drive several late-industrial fortunes through, and we
may or may not need venture capitalists to exploit on those market
inefficiencies, right now, today.

Nonetheless, we converge to a world where venture capital is a waste of
time, and, I think that businesses like Yahoo, and several other internet
ventures whose revenues are not under water, are proving that. For most
first-mover internet companies, the continued interest of venture
capitalists in your company may be, like cocaine, god's paradoxical way of
telling you you're making a lot of money.

The quest for economic rents is at the heart of any economy, certainly, but
I think that, sooner or later, venture capitalists will simply be in the
way between producers and the retained earning their customers are too only
happy give them. Any requirement for equity itself will probably be
underwritten directly to the public someday, and, if you want to call the
intermediaries who underwrite that, what, micro-equity(?), "venture
capitalists", you'll get a lot of argument from the people who already do
equity underwriting today, the investment bankers.

So, you're right, Vin. I *am* blaming venture capitalists for eventually
not being able to think fast enough to keep up, and that, someday, most
underwriting of equity itself will be an extremely automated process. Hell,
most investment bankers themselves will tell you that underwriting is so
mechanical these days that the only real money's in mergers and
acquisitions, anyway.


> 	Gotta love a guy who can write a sentence like that, knot and and
> double-knot it into a gangly tapestry -- and then glue the whole thing
> across a wonderful image like a "dirigible biplane."
>
> 	(That's a Hettinga vehicle is ever there was one. Even in the
> imagination, it pushes or pulls large amounts of gas around in an unusually
> muscular way;-)

Thank you. Insult me any way you want, as long as you spell my name right,
I guess. Dismissing me personally as an iconoclast doesn't dismiss what
I've said, certainly.

In the meantime, it's nice to know that I can say something about a public
company in passing on a few email lists and drive so many of its
shareholders, employees, and retainers to such vigorous distraction. My
phone was ringing off the hook yesterday, which was, certainly, a lot of
fun.


In the meantime, Vin, hang on to your SDTI stock, but probably just for
it's residual value to some future investor, like SDTI evidently bought
RSADSI for its own residual value, and, aparently, for whatever mystical
value the market now puts on Verisign.

It's just a shame that RSADSI didn't just license all that cool crypto to
the developers outright and make a whole lot more money, rather than
playing dog in the manger with it for so long, up to, and probably
including, calling the down export control Feds on a hapless kitchen-table
crypto developer named Zimmermann.


So, right now, after all that, um, exercise, SDTI/RSADSI/Verisign reminds
me an awful lot of that old joke about the two old Texas spinsters who,
walking down a dusty road, came across a talking frog claiming to turn into
an oil baron, if only one of them would kiss him to prove it.

"A talking frog", said one of them, putting the frog in her apron pocket,
"is worth something."


Cheers,
Bob Hettinga
-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'





Thread