[Cryptography] Trustworthiness
iang
iang at iang.org
Tue Jun 20 08:29:29 EDT 2017
On 18/06/2017 11:26, mok-kong shen wrote:
> P. G. Neumann wrote in his article: Trustworthiness and Trustfulness
> are Essential,
> CACM, vol.60, p.28:
>
> "The concept of trustworthiness seems to becoming supplanted with
> people falsely
> placing their trust in systems and people that are simply not
> trustworthy -- without
> any strong cases being made for safety, security, or indeed assurance
> that might
> otherwise be found in regulated critical industries such as aviation.
> However, the
> risks of would-be "facts" may be the untimate danger."
>
> Are there any practical remedies in sight?
There are better paradigms. Whether you call them 'remedies' would
depend on how broken you think the system is.
In practice, anything labelled with trust was a bit of a bait&switch.
The notion that people could "trust" systems was a misuse of the word.
In practice people rely on systems, not trust them. You don't trust
your car to get you to work, except euphemistically instead you rely on it.
In contrast, newer generation systems will use attributes or
attestations [1] and not certificates [2]. These attestations will be like:
"Alice asserts X about Bob to standard Y"/Alice/
Then, systems will collect many things said by Alice, and by Bob. When a
question arises there will be a process - first collect everything we
know about the target subject, then filter it for relevance. Then
present or analyse or something.
As you can see, this ain't a business model, as it's directly between
peers. So it's taking a while for developers and orgs to get on board.
iang
[1] http://www.r3cev.com/blog/2017/4/17/identity-is-an-edge-protocol
[2] http://www.r3cev.com/blog/2017/4/25/an-exploration-of-identity
More information about the cryptography
mailing list