[Cryptography] Trustworthiness

[iang]

On 18/06/2017 11:26, mok-kong shen wrote:

> P. G. Neumann wrote in his article: Trustworthiness and Trustfulness 
> are Essential,
> CACM, vol.60, p.28:
>
> "The concept of trustworthiness seems to becoming supplanted with 
> people falsely
> placing their trust in systems and people that are simply not 
> trustworthy  -- without
> any  strong cases being made for safety, security, or indeed assurance 
> that might
> otherwise be found in regulated critical industries such as aviation. 
> However, the
> risks of would-be "facts" may be the untimate danger."
>
> Are there any practical remedies in sight?

There are better paradigms.  Whether you call them 'remedies' would 
depend on how broken you think the system is.

In practice, anything labelled with trust was a bit of a bait&switch.  
The notion that people could "trust" systems was a misuse of the word.  
In practice people rely on systems, not trust them.  You don't trust 
your car to get you to work, except euphemistically instead you rely on it.

In contrast, newer generation systems will use attributes or 
attestations [1] and not certificates [2].  These attestations will be like:

"Alice asserts X about Bob to standard Y"/Alice/

Then, systems will collect many things said by Alice, and by Bob. When a 
question arises there will be a process - first collect everything we 
know about the target subject, then filter it for relevance.  Then 
present or analyse or something.

As you can see, this ain't a business model, as it's directly between 
peers.  So it's taking a while for developers and orgs to get on board.

iang

[1] http://www.r3cev.com/blog/2017/4/17/identity-is-an-edge-protocol
[2] http://www.r3cev.com/blog/2017/4/25/an-exploration-of-identity