[cryptography] Request - PKI/CA History Lesson

Jeffrey Goldberg jeffrey at goldmark.org
Fri May 2 01:41:26 EDT 2014


On 2014-05-01, at 8:49 PM, ianG <iang at iang.org> wrote:

> On 1/05/2014 02:54 am, Jeffrey Goldberg wrote:
>> On 2014-04-30, at 6:36 AM, ianG <iang at iang.org> wrote:

>> OK. So let me backpedal on “Ann trusts her browser to maintain a list of
>> trustworthy CAs” and replace that with “Ann trusts her browser to do
>> the right thing”.
> 
> Right, with that caveat about choice.

I think that we are in fierce agreement. At first
I didn’t understand the significance of your insistence
on *choice*, but I see it now. More below.

>>> In this context, we would claim that users b-trust because they know
>>> they can switch.  With browsers they cannot switch.
>> 
>> Their choice is to transmit private information using their browsers.
>> Their choice is to not participate in e-commerce.

> Right, there is always in economics some form of substitute.  But
> actually we've probably moved beyond that as a society.

> I would say that e-commerce is utility grade now, so it isn't a
> choice you can really call a choice in competition terms.

I agree that the behavior in b-trust must be about “choice behavior”
in that Ann behaves one way instead of another.

But I don’t think that we should have some minimal threshold of choice
before we can call the behavior b-trust. As long as there is some
non-zero amount of choice the behavior (in these cases) will exhibit
a non-zero amount of trust.

For me the sentence, “I had little choice but to trust X” is perfectly
coherent.

Is it possible that you are letting your righteous anger at what
browser vendors have done interfere with how you are defining “trust”?

>> All I’m asking is that we consider the people we are asking to
>> “b-trust” the system. Can we build a system that is b-trustworthy
>> for the mass of individuals who are not going to make c-trust
>> judgements.
> 
> 
> Right, this is the question, how do we do that?
> 
> That is what Certificate Transparency and Perspectives seek to do, as
> well as other thoughts.  First they make the c-trust available by
> setting up alternate groups and paths. Then the c-trusters develop their
> followings of b-trusters.

I agree with that last bit. In a sense, if people see that experts trust
the system they will too. But how will this play out with Certificate
Transparency for most users? What do they actually need to know and do
to follow some c-trusters?

> There likely needs to be a group of c-trusters in the middle
> that mediate the trust of the b-trusters.

And how will that work without putting unrealistic expectations on
the vast majority of users? How do they pick which c-trusters to trust?

>> I think that we have a higher chance of success if we use a language that
>> can talk about agents who do not have a deep or accurate understanding of
>> why a system is supposed to work. And so, I think that, with some refinement,
>> my notion of b-trust is worthwhile.
> 
> 
> Yes it could be.  It might not be applicable to web-PKI because the
> vendors confuse X "do the right thing by users" with X' "maintain a good
> CA list."

I’m confused. (Perhaps by the vendors?)

Cheers,

-j

