[Cryptography] People vs AI

[iang]

On 04/03/2025 02:36, efc--- via cryptography wrote:
>
> On Mon, 3 Mar 2025, iang via cryptography wrote:
>
>> Carrot & stick works well with nation states. But for reasons, the nation
>> states have trouble working with public keys. What does work is communities
>> that have some inner strength. For an example of one that worked, look at
>> CAcert, which these days is a shadow of its former self, but it did crack the
>> problem of honesty versus lying, at Internet scale.
> Maybe a more profitable way would be to try and come up with a better web of
> trust? Is it really so difficult?


Yes, it is really so difficult.


> Haven't there been advances in usability since
> it was created?


It's not about the UI (imho) it's about the definition or meaning of 
Trust *and* the definition or meaning of Idenitty. Everyone assumes they 
know what these mean, but few in the tech field seems to have much of a 
model, except:


> Another question is how to distinguish the user of a device, from the identity
> stored on the device. Imagine your key stored on your phone. But someone then
> steals and breaks into your phone. That person can then communicate with others
> as if he was you.


Right, see comments by John & Jerry. But I'd also add that this is 
potentially a bias for us in the cryptography space - because we're 
addicted to PKs, and because PKs can only be usefully calculated on 
devices, then we assume that's what we have to do. When you are a 
hammer, the world looks like nails.

But, PKs aren't in any way analogous to the way humans do identity (nor 
trust).

iang

ps; my model of those two is here: https://iang.org/identity_cycle/ but 
that's arguably off topic as there's precious little cryptograpy in it :)