I’m glad to see discussion in this thread about how to make Pet Names more
usable—this is needed. But even after the best usability improvements we
can muster, what you say above may still be true. As a computer scientist, you
must have a deep appreciation of impossibility results—it keeps us from
barking up the wrong tree, no matter how attractive that tree is.
Limitless energy would be nice, and people have tried many designs for
perpetual motion machines. You tell me now that creation of net energy is
impossible, and further, you show me a machine that actually *loses* net
energy as it operates.
Maybe this is the best we can do and still produce useful motion. Could be.
But if so...
So let us all lament the impossibility. We can now proceed to the useful talk
of improving the design so that it loses less energy.—Mark
No, you can both see and control the Petnames that are
uploaded when you access the information on your card. Hey, this is easy as I’m making it up as I go along. Still,
I believe the naysaying position is way overstated.—Jed
Yes, that’s better, but still (I suspect) more dangerous than having
users choose their own Petnames. See my response to Bill Frantz. But I think Ben Laurie has gotten at a much more serious problem.
Suppose I ask my bank how much money they’d be willing to put behind
their word when they introduce me to Paypal. I think they’re going
to laugh at me.
Moreover, I think they may be right to laugh at me. They’re in the
business of managing money, not in the business of introductions (that’s
the Yellow Pages’ business). Why would being good at the former imply
that they are good at the latter? To put it another way, sure, I trust
them to do the former, but why should I trust them to do the latter?
I think we’ve got an example of a standard fallacy when reasoning about
trust: "I trust X for purpose P" doesn’t imply "I trust X for purpose Q".—David
To communicate about third parties, we need to first securely agree on a common semantics. The problem of secure general agreement is a property rights problem, and in particular a property titles problem. It’s like agreeing on who owns the land, and what are its boundaries. I’ve tackled this problem in depth at <szabo.best.vwh.net>. More information on the distributed database system that the secure title system is based on can be found at <szabo.best.vwh.net>. Among the other things one can do with secure distributed property titles is set up secure public mappings between human-readable names, between names and addresses, and so on. In the secure titles system names are controlled by their owners, ownership can be securely verified by third parties, and third parties can comment on the accuracies of any claims implied by the title (e.g. the relationship between human-readable names and network addresses).
On CAs: when I was working on a certificate authority, we considered certificates to be mappings from domain names (or other network addresses) to legal names. In other words, they were links from cyberspace into legal systems—they were "who to sue" certificates. Not trademarks, or otherwise human-readable names—we left that war to the domain name and trademark people. (Verisign, but not most other CAs, attempts to combine the anti-confusion and legal identity functions, but only because they also run a big chunk of the domain name system. Verisign’s bundling is not necessary—anti-confusion measures should be taken during DNS registration, not with certificate issuance). Turns out the only people who really want such legal IDs online are businesses. Credit cards and PayPal provide legal identities for individuals, and besides most individuals don’t want to otherwise surf with a permanent cookie that doubles as a "sue me" certificate.
You "trust" a Verisign-certified web site, in the ways and to the extents that you do, because if they screw up in an illegal way a government can arrest them, or you can sue them, or both. Beyond that the certificate has nothing to do with "trust", "reputation", and other such vague nonsense. Verisign does not check their credit rating, or test the quality of their goods. It probably does not even forbid certificates to known fraud artists (and it should not do so—it should leave such remedies to legal systems). They check Dun & Bradstreet, and Dun and Bradstreet checks with various government offices for business registrations, verifies physical addresses (so you know where to serve process), and the like. It is not a "reputation system". It is a link into legal systems.
And now to the problem at hand: phishing. To state the obvious, phishing is illegal, in the U.S., under common law and a variety of fraud and trademark statutes, and I doubt you can find a jurisdiction where it’s legal. If said laws could be enforced, there wouldn’t be phishing. The CA solution is a proposal to try to make such laws enforceable by allowing users to know whether they can call the cops on the person at the other end, or sue them, if the information they submit is abused in the future, or if it was obtained by fraud (e.g. phishing), or both. Whether this will work or not is an open question, but it’s nonsensical to discuss it with vague terms like "trust", rather than as what it is—an attempt to provide a secure link from the user’s perceptions into legal systems. Once that link is there, legal systems provide highly evolved security against name confusion, in the form of fraud, trademark, etc. law.
Should this law-link solution fall short, secure property titles provide another alternative—names, addresses, etc. as generally agreed property—that, like cryptography and similar strong security solutions, doesn’t depend (except perhaps for its initial set-up) on a legal system.
Nick Szabo—szabo
To communicate about third parties, we need to first securely agree on a
common semantics. The problem of secure general agreement is a property
rights problem, and in particular a property titles problem. It’s like agreeing
on who owns what land, and what are its boundaries. I’ve tackled this
problem in depth at <szabo.best.vwh.net>. More
information on the distributed database system that the secure title
system is based on can be found at <szabo.best.vwh.net>.
Among the other things one can do with secure distributed property titles is
set up secure public mappings between human-readable names, between names
and addresses, and so on. In the secure titles system, names are controlled
by their owners, ownership can be securely verified by third parties, and
third parties can comment on the accuracies of any claims implied by the
title (e.g. the relationship between human-readable names and network
addresses).
On CAs: when I was working on a certificate authority, we considered
certificates to be mappings from domain names (or other network addresses)
to legal names. In other words, they were links from cyberspace into
legal systems—they were "who to sue" certificates. Not trademarks, or
otherwise human-readable names—we left that war to the domain name and
trademark people. (Verisign, but not most other CAs, attempts to combine
the anti-confusion and legal identity functions, but only because they also
run a big chunk of the domain name system. Verisign’s bundling is not
necessary—anti-confusion measures should be taken during DNS registration,
not with certificate issuance). Turns out the only people who really want
such legal IDs online are businesses. Credit cards and PayPal provide legal
identities for individuals, and besides most individuals don’t want to
otherwise surf with a permanent cookie that doubles as a "sue me here"
certificate.
You "trust" a Verisign-certified web site, in the ways and to the extents
that you do, because if they screw up in an illegal way a government can
arrest them, or you can sue them, or both. Beyond that the certificate has
nothing to do with "trust", "reputation", and other such vague nonsense.
Verisign does not check their credit rating, or test the quality of their
goods. It probably does not even forbid certificates to known fraud
artists (and it should not do so—it should leave such remedies to legal
systems). They check Dun & Bradstreet, and Dun and Bradstreet checks with
various government offices, verifies physical addresses, and the like.
It is not a "reputation system". It is a link into legal systems.
And now to the problem at hand: phishing. Phishing is illegal, in
the U.S., under common law and a variety of fraud and trademark
statutes, and it would be hard to find a jurisdiction where it’s legal. If
said laws could be enforced, there wouldn’t be phishing. The CA solution is
a proposal to try to make such laws enforceable by allowing users to know
whether they can call the cops on the person at the other end, or sue them,
if the information they submit is abused in the future. Whether this will
work or not is an open question, but it’s nonsensical to discuss it with
vague terms like "trust", rather than as what it is—an attempt to
provide a secure link from the user’s perceptions into legal systems.
Once that link is there, legal systems provide highly evolved security
against name confusion, in the form of fraud, trademark, etc. law.
Preventing phishing then requires no more than showing the "sue me here"
certificate on the screen, and teaching people not to type in personal
information if that certificate is missing.
Should this law-link solution fall short, secure property titles provide
another alternative—names, addresses, etc. as generally agreed
property—that, like cryptography and similar strong security solutions,
doesn’t depend (except perhaps for its initial set-up) on a legal system.
Nick Szabo—szabo