On Thu, Sep 15, 2011 at 7:16 PM, Marsh Ray <ma...@extendedsubset.com> wrote: > Zooko said something the other day that has really stuck with me. I > can't get it out of my head, I hope he will give us a post to explain it > further: > > https://twitter.com/zooko/status/108347877872500737 > "I find the word "trust" confuses more than it communicates. Try Mark S. > Miller's "relies on" instead!"
One great virtue of this terminology is that it leaves no doubt as to transitivity. If A relies on B and B relies on C then there is no possibility that A could not rely on C! On a historical note, I think I may lay claim to that distinction (I distinctly remember encouraging Mark to not use "trust" and instead use "relies on" or "is vulnerable to", which makes the relationship crystal clear, in a conversation in a car with him and Jonathan Shapiro back when I first met him at Johns Hopkins). Anyway, there are two separate questions: 1. How do we increase our trust in these parties we rely on? Right now, we really have absolutely no reason to trust them. Possible answers to this, of course, include changing who we rely on. But they also include changing how we decide who we rely on (in context, perhaps). 2. How do we decrease reliance? This is the great virtue of the capability view of the world: if B could be decomposed into B1 and B2, of which only B1 relies on C, then A can truly know that when it interacts with B2 it is not relying on C. Capabilities encourage this kind of decomposition naturally, and it doesn't matter if A is unaware of the decomposition: he still has a reduced attack surface. Much of the discussion on this list has been about 1. I truly believe that 2 is a better focus, particularly when you start thinking about how you percolate this kind of infrastructure up to the level of the user. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
