Re: Weakening the rigid hierarchical trust model

1997-12-31 12:29:12
The caution expressed here about delving into ideology incident to
self-certifying CAs is wise. That does not remove, however, the inescapable
fact that ideology may underlie a technology or standard. For example, the
ideologies of private property and monetizing value underlie payment systems.

IETF working groups unavoidably develop proposals based on such ideological
underlayments, but must remain free of tweaking for parochial and
provincial interests, the arguing of which can endlessly bog down technical
implementation, and make global standards problematic, if not impossible.

Thus, a payment system standard may be developed, while encoding a payment
system standard that prevents the purchase of liquor on Sunday, or in Saudi
Arabia, or by minors, enters the arena of troublesome tweaking to parochial
and provincial interests.

To deal with the generally-accepted facts that purchasing liquor may be
religiously offensive to some when done on Sunday, illegal in Saudi Arabia,
or harmful to unsupervised minors, is clearly beyond both the scope and
ability of a technical standards body like an IETF working group.

The problem arises in determining where ideological underlayments end, and
parochial and provincial interests begin. That question is not of the same
class as "how long is this piece of string". Judgments must be made. If
error is to be made, placing most issues into the "parochial and
provincial" category, and excluding them from standards-body tweaking,
facilitates the pace and globalness of standard development and extends
applicability, and expands the choices left to the user. I submit that
those results are beneficial. Erring in the other direction retards the
pace of standards development and diminishes applicability, and reduces the
choices left to the user.

If one wishes to enter the arena of protecting the unsophisticated user
from the possibility that he may make bad choices (e.g., a minor seeks to
purchase liquor), then one has entered the thickest mire of ideology, that
of paternal judgments made by one to ostensibly benefit another. In that
mire, one must decide what is good for others, and limit their opportunity
to choose that which you believe is not good. Some, including myself,
believe (ideologically) that the quality of such paternal judgments
decreases as the distance between paternal judger and the ostensibly
protected party increases. I submit that the standards body is sufficiently
distant from a widely-diverse array of potential beneficiaries of
gratuitous paternalism, such that a low quality, generalized result might
be obtained, even from the most-enlightened and best-intended efforts.

There is a protocol, the use of which mitigates the foregoing concern. That
protocol is to provide notice to the user of the reasonable consequences of
the various choices he may make. Rather than prohibiting hot things,
Underwriters Laboratories has tags placed on transformers that say, "Hot.
To avoid burning, do not touch." The verbiage of such notice moves into
political consideration. A standard can implement notice protocols,
although notice-message-content itself may be better left to implementors.
For example "algorithm/notice".

I submit for consideration that the two primary ideological underlayments
of cryptographic communications are 1) the secrecy and authenticity of
communications between communicants, and 2) the communicants' selection of
methods to accomplish and authenticate such communications, i.e., what do
the *communicants trust and prefer* for the content at hand.

If one accepts the foregoing, then one adopts the necessary strategy of
providing choices to the user, with notice, rather than hard-wiring out the
possibilities of choice at the technical standards level.

Accordingly, I advocate a technical specification that fully permits
self-signed certificates, that promotes their ease of transfer with the
message content, that provides for their review by the recipient, and for
his informed choice to accept or reject the certificate for various usages.
To treat (at the standards level) some certificates as first-class and
convenient, and others second-class and less convenient, based upon the
IETF working group's assessment of who has signed them, is paternalism,
reaching into the political and ideological mire of parochial and
provincial interests.

In my view, a specification that steers clear of that bog facilitates both
the pace and globalness of standard development, the broad applicability of
the result, and the informed choices left to the user.

Ed Stone
delete "-birdname" spam avoider