Can we copy trust?

Ben Laurie ben at links.org
Mon Jun 2 14:57:29 EDT 2008


Ed Gerck wrote:
> In the essay "Better Than Free", Kevin Kelly debates which concepts hold 
> value online, and how to monetize those values. See 
> www.kk.org/thetechnium/archives/2008/01/better_than_fre.php
> 
> Kelly's point can be very useful: *When copies are free, you need to 
> sell things which can not be copied.*
> 
> The problem that I see and present to this list is when he discusses 
> qualities that can't be copied and considers "trust" as something that 
> cannot be copied.
> 
> Well, in the digital economy we had to learn how to copy trust and we 
> did. For example, SSL would not work if trust could not be copied.
> 
> How do we copy trust? By recognizing that because trust cannot be 
> communicated by self-assertions (*), trust cannot be copied by 
> self-assertions either.
> 
> To trust something, you need to receive information from sources OTHER 
> than the source you want to trust, and from as many other sources as 
> necessary according to the extent of the trust you want. With more trust 
> extent, you are more likely to need more independent sources of 
> verification.
> 
> To copy trust, all you do is copy the information from those channels in 
> a verifiable way and add that to the original channel information. We do 
> this all the time in scientific work: we provide our findings, we 
> provide the way to reproduce the findings, and we provide the published 
> references that anyone can verify.
> 
> To copy trust in the digital economy, we provide  digital signatures 
> from one or more third-parties that most people will trust.
> 
> This is how SSL works. The site provides a digital certificate signed by 
> a CA that most browsers trust, providing an independent channel to 
> verify that the web address is correct -- in addition to what the 
> browser's location line says.

But doesn't that prove the point? The trust that you consequently place 
in the web server because of the certificate _cannot_ be copied to 
another webserver. That other webserver has to go out and buy its own 
copy, with its own domain name it it.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list