On Jan 31, 2012, at 7:35 PM, Phillip Hallam-Baker wrote:

> I don't see the problem with defining the term 'trustworthy'
>
> Risk = Cost imposed by likelihood of probable loss.
> Trust = Confidence with which risk is assessed.
> Trusted = An entity that is relied on to mitigate risk (whether
> trustworthy or not).
> Trustworthy = An entity that meets rational criteria for risk mitigation.
>
> We could wordsmith the definitions, but I think we can probably agree
> on the general principles.
>
> The problems stem from the fact that risk is a very complex function.
> It is not merely probability * probable loss since in a real world
> situation both are continuous functions, I might suffer $100 loss
> with probability X, and a $1000 loss with probability Y and so on.
>
> And it is not just the expected loss that is the issue but the cost
> that expected loss would impose on my business. My probability of a $1
> million loss might be 0.1% but the cost that potential imposes on my
> business might be much higher than $1000.
>
>
> I think we should also be able to come to agreement that even though
> we can define the terms, we can't expect to come to precise
> measurements, or even particularly satisfactory measurements. If we
> could do that we would be in the regular business of insurance.
>
> In particular, insurance companies have always avoided writing
> policies on acts of war. The reason being that the probable losses
> simply do not follow a predictable pattern. Losses due to theft and
> even natural causes follow reasonably predictable patterns.
>
> We are now dealing with politically motivated attacks and so we end up
> with probabilities that don't fit a mathematical model and losses that
> don't have a monetary value.
I don't buy it. You're presuming that risk and trust exist in a vacuum and can be measured context-free.

Trust, you see, is transitive. Not transitive in the mathematical sense, but transitive in the grammatical sense -- it needs a direct object. You might trust your mother, but do you trust your mother to set up your VPN?

The flip side of this is risk, and indeed risk is colloquially just trust with the polarity inverted. Or perhaps risk is 1 - trust. Most strictly speaking, risk is uncertainty, but we often think risk is danger. Under a strict definition of risk, jumping off the top of a skyscraper isn't risky; in all likelihood, you'll end up dead. But jumping out of a second floor window is very risky because you might end up dead or you might tuck and roll with impunity. Similarly, I trust you'll just be a splat from the skyscraper leap, but I can hardly use the word at all with the jump from the window.

Things are riskiest when you might as well guess; it means that the probability is close to 1/2. Trust, in contrast, is an approximation of certainty, and either end of the scale is trust.

And keys are just labels. I'm enough of an SPKI revanchist to say that keys are just names or labels. You can no more determine trustworthiness from a mere name than you can tell a book by its cover.

To talk about trust, let alone trust*worthiness*, you're talking reputation. And what we mean by reputation is not merely certainty but certainty of a desirable outcome. Reputation and risk diverge when there's a low risk of a good outcome. That's why we really shouldn't touch it, unless we're going to truly talk about the counterintuitiveness of a bad reputation being one that has low risk.

Jon

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
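An added worked example (not from either poster) putting numbers on the two points argued above: Phillip's claim that the cost to a business is not the same as probability * loss once a loss can exceed what the business can absorb, and Jon's claim that risk-as-uncertainty peaks when the probability is near 1/2. The loss distribution, cash reserve and failure cost are constructed values; the step-function impact model and the entropy-style uncertainty measure are assumptions chosen to illustrate the argument, not definitions from the thread.

```python
from math import log2

# Constructed loss distribution in the shape of Phillip's example:
# (probability of the event, dollar loss if it happens).
LOSS_DISTRIBUTION = [(0.30, 100), (0.05, 1_000), (0.001, 1_000_000)]

# Constructed business parameters (assumptions for the example).
CASH_ON_HAND = 500_000     # largest loss the business can absorb and survive
FAILURE_COST = 20_000_000  # value of the whole enterprise if a loss sinks it


def expected_loss(dist):
    """Textbook risk: sum of probability * probable loss over all outcomes."""
    return sum(p * loss for p, loss in dist)


def business_cost(loss, cash_on_hand=CASH_ON_HAND, failure_cost=FAILURE_COST):
    """Assumed nonlinear impact: a loss the business can cover costs its face
    value; a loss it cannot cover costs the whole enterprise."""
    return loss if loss <= cash_on_hand else failure_cost


def expected_business_cost(dist, cash_on_hand=CASH_ON_HAND,
                           failure_cost=FAILURE_COST):
    """Phillip's point: weight each outcome by what it does to the business,
    not by its raw dollar amount."""
    return sum(p * business_cost(loss, cash_on_hand, failure_cost)
               for p, loss in dist)


def uncertainty(p):
    """Jon's sense of risk: zero when the outcome is certain either way,
    maximal (1.0) when p = 1/2. Binary entropy is the assumed measure."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * log2(p) + (1 - p) * log2(1 - p))


if __name__ == "__main__":
    print("expected loss:          $%.0f" % expected_loss(LOSS_DISTRIBUTION))
    print("expected business cost: $%.0f" % expected_business_cost(LOSS_DISTRIBUTION))
    for p in (0.001, 0.5, 0.999):
        print("p=%.3f uncertainty=%.3f" % (p, uncertainty(p)))
```

The 0.1% chance of a $1M loss contributes $1000 to expected loss but $20000 to expected business cost, while the skyscraper (p near 1) and the second-floor window (p near 1/2) land at opposite ends of the uncertainty scale.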