Ian G wrote:
> The classical problem of "trust" in computing/IT is that companies
> successfully managed to reverse the meaning, and nobody noticed. So
> every time we look at it, we trip over the contradictions.
>
> Trust is what I ascribe to you. However, in the "trust business", a TTP
> (or CVP) tells me to trust you. Instead of me being able to trust you,
> I can do nothing but accept you, even if I don't trust you.
>
> That's not trust as humans know it, that's something else.

What that is, in my opinion at least, is a reversal of authority. Your
personally ascribed trust should always trump what others try to foist
on you. You're the ultimate authority on yourself after all. Companies
in the "trust business" can indeed point you towards trustworthy
parties, as the company makes its money by taking the risk of
interacting with untrusted parties. But when the system is such that
those companies' recommendations are not only automatically approved,
but mandated above your own knowledge of others, that I see as the
problem.

Of course SSL Certificate issuers would love that you trust them more
than you trust yourself. They make more money that way selling
certificates. :/

> It is possible to categorise ... but that doesn't mean it is useful to
> do. Libraries catalogue books, but that tells us where to find a book,
> not how good it is.

Nevertheless, you wouldn't go to the science fiction section expecting
to find a good book on how to cook the best chili in the world (Serve it
Forth by Anne McCaffrey). What I'm saying is that you trust that books
in a certain category will fit properly with that category. Otherwise
you wouldn't be able to find anything.

For instance the "graphic novel" shelf in my local library is
unfortunately filled by someone who likes those really depressing
nihilist drama comics. So that reduces my trust in their ability to pick
out light hearted friendly comics, and also reduces my trust that I'm
going to find anything worth reading in that section. But it increases
my trust that I'll find yet another book by R. Crumb on the shelves.
Similarly I know the library has an excellent section on native plants,
so I have a very large trust in that library to provide me with
information in that category.

In that way I'm forced to categorize trust not just according to the
person, or organization who I'm trusting, but also in the type of trust
I'm ascribing them.

> Also, there is a sort of top-ten winners effect as soon as you succeed

I call that the "clique" effect. The problem is once you get a group of
people you trust, you stand to benefit from including other members in
your group and expanding, but you also stand to lose from attempting to
include members who are untrustworthy. So there's a point of diminishing
returns, when reaching out to new members doesn't help you more than the
pain of being stiffed by betrayers. As a consequence, "cliques" form,
since people become willing to exclude other worthy members from their
group, since that way they can also lock out the trolls.

What I'm trying to do is reduce the amount of damage betrayal has on any
network of friends. The way I conceive it, members of a clique could
serve as bridges to other cliques, or "cells" if you like. Individual
members put themselves at risk, but upon being compromised the group
overall distributes that loss. So with 10 people you'd only have 1/10
the risk, but still 100% of the gain from acquiring new members. In
/that/ way, cliquish groups are motivated to grow larger, thus reducing
the consequences of betrayal, thus offering further motivation to grow
larger.

Even in an environment where betrayal is highly likely, cliques can and
should form, but can still have bridges into other cliques, and in doing
so hold society together as best as possible under the storm of abuse
they happen to be suffering from.

> the ones on the top ten sell disproportionately to the ones off the top
> ten list.

If 10 people have more of a certain resource than everyone else, then
it's arguable that they should give it disproportionately to the ones
who do not have that resource. One "top ten" group would exchange
something with another "top ten" group, such that in their exchange both
ended up getting something they wanted. The resources exchanged can
include IOUs from the Federal Reserve, but I really wouldn't recommend it.
That in itself has consequences that would pose an incontrovertible risk
to both groups.

> Right, the PGP Web of Trust is a network in name, but trust isn't quite
> what it delivers. More it delivers a sense of "who met who" and
> therefore likely similar interests. But that isn't trust, it is more
> like loose community.

Who met who I guess. You're supposed to verify people's identity even
having met them. But that gets me to my other point...

> CAcert has a large body of Assurers (3401 yesterday) who run around the
> planet checking your "identity" and other things, p2p but also
> face2face.

My biggest problem with CAcert (no offense) is that it still relies on
centralized identity collection mechanisms, such as a driver's license,
birth certificate, or other form of government ID. I'm proposing a
different mechanism, where people could start with a blank identity
whenever they wanted, but build up a reputation for that identity by
doing benevolent acts over time.

Relying on a government ID relies obviously on the government, so
wouldn't work in destabilized areas, nor would it work in stable areas
where the government has been taken over by powerful oligarchs who
resort to assassination of public figures to make sure their puppet
leaders don't step out of line. What I'm saying is government itself is
a weak point, a vulnerability that may be compromised by people
accumulating wealth and power. Relying on them and not on one's own
actions that have been signed by one's own key, is a mistake in my
opinion. Maybe not on the short term, but in the long run it just defers
and amplifies the act of betrayal. Instead of ripping us off at the soda
stand, the betrayers instead slowly compromise the government and
engineer a total economic collapse. (except for them of course)

> makes a ruling. The ruling has some teeth, because the Arbitrator can
> award a fine of up to 1000 euros, not that this has happened as yet.

Uh, where does the money go?
I'm all for discouraging people from running scams on the CACert
network, but I have enough bad experiences with the Guilt Industry that
I have to ask what you would do with that money, and how it would avoid
motivating you to encourage trust failure or continue to raise the
arbitrary penalty fees.

> We have established a thing called CAcert Assurer Reliable Statement, or
> CARS for short. If we request some form of "proof" or evidence, we can
> simply ask any Assurer to go research or do something, then report back.
> And add CARS to the end, signifying that the author will stand by the
> words. (We also often sign these things digitally.)

That's a good idea! "Benevolent acts" don't necessarily have to be
heavily resource intensive, like building a house. It could be as simple
as helping someone out with their book report. Even researching
something relatively common would establish them as capable of producing
complete sentences and communicating with you in a civil manner.

> No longer are we talking about some volunteer with a penguin
> t-shirt,

For the record I do not have a penguin t-shirt.

> catalogue what trust meant, instead we created a vector, a message, that
> can be used for anything ... but carries weight.

So basically what you're saying is... you created money.