On 24/04/2015 20:03 pm, Jon Callas wrote:
> On Apr 20, 2015, at 9:53 AM, Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> wrote:
>> What we need is the PKI equivalent of structured programming. PKIX is
>> Pascal. PGP is BASIC. Yes, you can do anything with IF-THEN-GOTO. But
>> you probably should not try.
>
> If only there were a way to do that.
>
> Let's consider a machine that has a set of simple operations that it can do,
> like IF-GOTO and another language that did more complex things like
> IF-THEN-ELSE. If we could make something that could take the complex language
> and translate it into a set of the simpler statements reliably, then perhaps we
> could solve that problem.

Right. As an analogy, this is the trap that the bitcoin folks are
falling into. They believe that because they can express complicated
transaction flows in a program, they have encapsulated the contract or
agreement between folks.

They haven't, what they've achieved is the performance of a contract
only, not the entire contract. The wider contract also includes
semantics & exceptions, and these cannot typically be coded into a
language other than the natural language that the humans use in forming
their agreement.

Sadly, it seems that human level semantics will remain in wordage, and
agent-level performance will be limited to code. The two should work
together. Which is why in the CA/PKI world there is a fairly clear
separation between the technology and the documentation; the two are
supposed to walk hand in hand, and they are supposed to cover distinct
areas of the agreement. It is this latter documentation aspect -- e.g.,
the EULA which should point to PKI's CPS -- that the OpenPGP world is
lacking in its thought process.

To bring it back to the technology level: an assertion made in OpenPGP
that doesn't also in some reliable way point to the doco tree that
grounds the statement is approximately worthless.

iang
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp