6201Re: [decentralization] decentralized recognizability
- Nov 6, 2002At 08:57 AM 11/6/2002, Lucas Gonze wrote:
>Miles Sabin wrote:IMO there will not be any user-intervention in whatever emerges as the
> > My worry is that it isn't really all that much better than nothing.
>Military-grade security sometimes weakens actual security. Are you as
>likely to proofread a textual key as to confirm the basic shape of a
>squiggle? It may be that a slacker MITM attack is more than enough in
solution, regardless whether it is Passport or something decentralized.
To reach very broad adoption, security and authentication must be so
reliable that ordinary money transactions never fail. That is a lot
less than military grade. For example it might be based on mere
economics of computational power, or my suggestion it be based on
community reputation frameworks.
The successful security framework will need to reach nearly universal
adoption. There is a large fraction of the population that is so
irrational about money that they are unable to make rational choices,
and lose confidence in "new providers" too easily.
I'm just going to recite three obvious things (you can skip:)
1. Some of today's leading companies in financial services, software,
telecommunicatinos and media will be harmed financially by any
devolution of security and reputation out of central institutions.
2. The power of government will also be affected i.e. some effects on
the ability to collect taxes, and surveil communications would result if
freedoms we have in real space are allowed over distances. e.g. paper
cash, private conversations.
3. Certain actors in those sectors, work actively to undermine privacy
and security over networks. They fill the airwaves with FUD about
hackers, stolen money, drugs, laundering, terrorists, etc. to protect
the existing banking system, and actively undermine the usefulness
of networks, fill them with SPAM and undermine the security and
sovereignty of the user in many computing, network and radio
I've come to conclude there can never be adequate security on user-
programmable PCs or hand-helds. Identity as well as secure
communications will have to come from a device *owned by the user*,
probably including at least a PIN pad and screen within the trusted
device. Users will quickly learn that such a device contains not
only a mere digital ID, but allows them to accrue digital reputation
which is quite valuable, financially. As any valuable thing, they
will positively safeguard it. Accordingly, what is missing is
the intellectual work of developing P2P reputation frameworks,
in coordination with design of the handheld devices. The semiconductor
industry will certainly produce the thing if there's a market.
The basic use case is sending a screenful of data (i.e. a contract)
into the screen of the device for signature, as described in the
MeT Peer to peer scenarios (ignore the telco "operator" scenarios.)
http://mobiletransaction.org/documents.html The consortium spent
megabucks, on UI standards for use of the screen on the TD so that
the user would recognize the "Trusted Device" mode when it was
presented by different manufacturers.
If PCs, phones, palms etc. are ever to be secure their content must be
flowed thru a VPN or something, controlled by the user. How this is
ever going to happen is beyond my expertise. I would like to see the
handheld trusted device have two ports: LAN and WAN, for signing,
encryption etc. and this has to be fairly idiot proof. As with the
TD, the private keys would be created and managed in a security element
and private keys would never leave the handheld device... I had fun
with this: http://www.gldialtone.com/Hippocrit.gif
Again, I don't know what the end solution will be but it won't be some
clever new software for the PC. It will be built into devices and it
will be preceded by a very big discussion about reputation frameworks,
and a formal architecture discussion including UML for software and
None of those has begun yet,
- << Previous post in topic Next post in topic >>