On Tue, 16 Jan 2001, Tom wrote:
I love it when you conflict with yourself. :)
Then in general you must hate me...
so you trust the proof. great. if you trust the proof, and the protocol has just been proven, then your trust extends to the protocol. and so on. web-of-trust.
please don't say you don't. because if a protocol that was just proven by a proof you trust has not earned your trust by that procedure, then obviously you lied when you said you'd trust the proof.
The 'proof' IS the 'protocol'. You act as if 'proof' and 'trust' are equivalent. They're not. I 'trust' because I know the protocol won't 'lie'. That is the 'trust' and the heart of the 'proof'.

This of course, speaking of Real World (TM), raises the question of whether a protocol even exists. In most cases it doesn't. And in many cases even if it did only Bill G. could afford it. Here is the heart of commercial authentication services. Raise the cost of tampering with the system while at the same time not raising the cost of actually doing the system. Otherwise the customers can't afford it. It's a horse race. And it will be until every iota of information is free (fat chance).

For your assertion to be so you still need to prove: A trusts B, B trusts C, therefore A trusts C. After all, simply because you and I trust the protocol still doesn't mean I trust you. It only means I believe you haven't lied in this particular case. Another aspect is that the 'authentication' is good only for now. The fact that we require the protocol to be repeated each time is a priori admission of our trust. I mean if we've authenticated them once it should be ok from now on if we 'trust' them.

You can't because it doesn't. This proof is central to your assertion. It's fundamentally central to 'web-of-trust'. It's why this particular web doesn't scale well.

I trust the protocol to fail if it is tampered with because of universal access to its base components (i.e. isotropic and homogeneous). Something that no amount of money, time, or political influence can change. I use the protocol not to decide my trust but to give me a reason to opt out of the process. Fundamentally if you have to apply any of these sorts of protocols to an exchange a reasonable person won't want to be involved in the first place. There is a fundamental lack of trust already extant. The key point however is to recognize the true function of any authentication protocol, to stop now - to drop out.
Speaking of examples of trust, in the made-for-TV SG-1 pilot movie they must identify if the stargate is a trap. They do this with a simple empty Kleenex box. This is a great example of 'trust' and 'authentication'.

____________________________________________________________________

    Before a larger group can see the virtue of an idea, a
    smaller group must first understand it.

        "Stranger Suns"
        George Zebrowski

    The Armadillo Group
    James Choate
    Austin, Tx
    ravage@ssz.com
    www.ssz.com
    512-451-7087
--------------------------------------------------------------------