At 12:18 AM -0400 on 10/23/98, Vin McLellan, speaking for legions of SDTI/RSADSI fans (and, evidently, retainers), wrote:
Jeeez, I hope no one else sprained a finger getting the current stock price for Security Dynamics (SDTI).
:-).
Robert Hettinga <rah@shipwright.com> took certain, ummm, dramatic liberties as he paraphrased a Boston Globe column yesterday on Bay State stocks that had "been discounted so deeply they raise eyebrows."
Memory is a terrible thing to waste. It was midnight. The newspaper was in the trash in a Dunkin Donuts in Malden somewhere. So? Shoot me? :-).
"Security Dynamics Technologies Inc. of Bedford, a leader in computer security and encryption, has fallen from an April high of 42 1/2 to 12 yesterday. It traded as low as 6 two weeks ago."
Close enough for an internet rant, I figure. If I though I needed a fact checker, I should go write a column for the Globe, right? Frankly, besides the Globe's greater-fool valuation of Verisign, which I seem to have left in that wastebasket in Malden where it belongs, I can hardly tell, in any gross sense, the difference between what I said about SDTI/RSADSI/Verisign from memory and the extended quote Vin blessed us with, which I have gratefully snipped here for brevity. Again, I didn't say that SDTI wasn't making money, or even that it didn't have a significant amount of cash on hand relative to its book value. Which, because I'm not looking at their annual report, I don't know for a fact, so don't, um, quote me; I only know what I remember from the papers. If in fact SDTI did have a large cash hoard, it would make it a buy even in Ben Graham's book. Which I said, if you remember. Okay. I inferred it. Maybe. :-). My point was, even in these days of sky high multiples, the market is deeply discounting SDTI to the "consensus" estimate of its future cash flow. Given SDTI's patent standing, and the extreme amount of substitutive competition for the patents it does control in the long term, the "consensus" opinion seems fair to me, including valuing the company, yes, it *was* two weeks ago, lower than the "value" of it's Verisign investment alone.
Hettinga essays are like handball games: the damn ball is ricocheting off the side walls, both ends, the floor and the ceiling. Linear coherence and internal consistency are less important than the electrostatic energy and the rolling rhetorical thunder
Marvellous. Glad to give you the exercise. I had fun writing it. Nice to know you had fun chasing my shots all over the court like that. Should I spot you a few more points next time, just to make it more interesting?
Hettinga's apparent scorn for modern cryptography's obsession with strong authentication -- now manifest in the intensity with which professionals worry the issues around PKC binding, key certification, digital signatures, CA procedures (and in the demand for smartcards to secure X509 certs apart from the networked CPU) -- bespeaks a truly iconoclastic mind.
Thank you. I think. Look, folks, "strong authentication" is not the problem. It's biometric *identity* which is the problem. Cryptography gives us the ability to do away with "identity"-based key-mapping altogether. A key is a permission to do something specific with a microprocessor, no more, or less. It doesn't "mean" anything else. Certainly, if you go back and look at the actual, legal, definitions of "signature", or "certificate", they don't mean what people like Verisign (or say, the State of Utah) says their authentication technology does. No offense to the august people who coined those appelations, including Whit Diffie, et. al., but the words "signature", or "certificate" just don't cut it, because they cause more confusion than they may be worth. (Just like "digital bearer settlement"? ...Naww... :-)) Anyway, control of a given cryptographic key is completely orthogonal to the idea of identity. You can map an identity to it, but you don't have to, because possession of the key is "permission", "authority", enough, all by itself. *Who* you give permission to, by name, fingerprint, or physical address, doesn't matter. And, possession of that key is *only* a function of cryptography and networks, and not law or biology. And, so, the *only* time you need a biometrically-identified key is when you're doing a book-entry transaction, which has been my point in this whole discussion. You can't send someone to jail for making the wrong book-entry unless you know who they are, of course. Fortunately, that will change someday, and probably sooner than most people in the transaction settlement business realize. Frankly, the only people who need to know someone's physical identity, or care about it, are the people who put money at risk in the first place, and only until the transacted money in question is in their firm control. The shorter a transaction's latency, the less you care who you're doing business with. Ultimately, if you're doing an instantaneous digital bearer transaction, you don't care at all, because it's underwriter validates the authenticity of the certificate (real use of the word) at the time of the transaction, and not the person who's giving them to you. Even your trust of the underwriter is driven by the reputation of the underwriter's *key* and not your knowlege of where the underwriter lives, right? I mean, you can trash the reputation of the underwriter just by presenting cryptographic proof of of the underwriter's fraud, making the underwriter lose more, on a net present value basis, than what he would gain from the value of the transaction in question, or even the pool of money in his reserve account. Besides, ultimately, creating hierarchies of "certificates" of those key-to-person maps, ala Verisign/X.BlaBla, is not only a waste of time economically, it's downright logically impossible. You run right into Russell's paradox and Goedel's result, for one thing. At the very least, you remove all the flexibility which makes the technology useful in the first place. So, yes, it's just like putting a giant hydrogen bag on a biplane in a misguided effort to make it fly better (to beat my metaphor like a dead horse). :-). Even Verisign, or Entrust, and certainly not Thawte, don't claim to sell certification hierarchies anymore. Probably because they ran smack-dab into a bunch of consistance/completeness paradoxes in trying to doing so. The only economical solution, is, of course, short-span *local* trust networks, where self reference is not a problem because the network makes no pretensions at completeness. Where a buyer trusts the seller's reputation to his own satisfaction because people *he* trusts say so, and, more important, the known public reputation of the seller is a good one. Certainly not that stranglehold on everyone's internet identity which is at the heart of whatever valuation the "consensus" currently wants to put on companies like Verisign. By the way, an economical solution to the problem, where the seller doesn't have to trust the buyer at all is, of course, digital bearer settlement. Anyway, this mystification of identity, particularly on an internet where it will prove economically foolish to do so, is what I have against the whole X.BlaBla, Grand Unified Human Namespace Hierarchy folks. They're chasing unicorns through the mists of Avalon, in my opinion. In the end, the only relations established by keys to other keys on the net will be *economic* ones, and I guarantee that the structure of *those* relationships, once mapped, will *not* be hierarical, and only unified on a relational basis, in the same way that free economies now function. Nor will the primary purpose of those keys be to find whatever physical person is controlling a given key at any point in its (probably short) lifetime.
What tucked me in for the night was the declaration -- from R.H., the avatar of DBTS, e-cash, and geodesic recursive auctions -- that (venture) capital is or will be counterproductive to entreprenurial enterprise in the New Age. Un huh. Doomed, as well, by the hesitation inherent in the merely human minds that control its flow (at least in Rob's universe of cybernetic fiscal structures.)
Well, I suppose if I can play fast and loose with the contents of the august Boston Globe in the middle of the night, you're welcome to mischaracterize me in the same fashion, but I hope I'm forgiven if I try to patch it up here, just a little bit. I think that venture capital spends most of its time thinking about how to establish industrial-era monopolies on intellectual property in a world where, eventually, it is only wetware -- skill, if you will -- that will matter. Software, hardware, and resources will ultimately be dependant activities and will decrease in relative value over time. Software will be utterly replicable and will be sold recursively, and untraceably, on a bearer basis, primarily because that's the cheapest way to safely trade money for information on a ubiquitous geodesic public network. Given that the price of information is rediculuously time-driven, the price-structure software markets will be such that not only will the only people who make the most money be people who actually *write* software and not hire it done, and that software will be sold in smaller and smaller bits because the transaction costs will be so low (hey, don't believe me, believe Ronald Coase :-)), but, finally, the only way to make *new* money is to create new software which sells. So, no software monopoly opportunity there, because, you need wetware to make software, and, in a world of totally anonymous, and cash transacted, free agency, fun legalistic attempts at physical control, like non-disclosures and non-competes, not to mention copyright and patent, will eventually be laughably un-useful. Eventually, hardware itself will be "made" using software, and the machines which fabricate hardware itself will themselves be dependant on software for their own construction. The price of manufacturing falls as a result, becomes geographically hyperdistributed, and, of course, nobody can control the production of software, see above. So, no permanent hardware monopoly there. Resources are, even now, discovered, grown or extracted using the best possible information, and in the long run, the best possible software. The ownership of land, therefore, will be *economically* determined by who has the best information or software to use it with. Notice that even with a finite supply of land, the value of a given piece of land's output, in real prices, has consistently fallen over history, because the value of the information used to generate that output falls over time as well, and the productivity gains from the use of that information are relatively permanent and cumulative. So, no permanent resource monopoly opportunities in resources, either. Ask your average aristocrat, or even a farmer, if you don't believe me. :-). So, yes, I'll let people quibble about how long "eventually" means, or even what their definition of "is" is :-), and, in that rather large economic lacuna, you could drive several late-industrial fortunes through, and we may or may not need venture capitalists to exploit on those market inefficiencies, right now, today. Nonetheless, we converge to a world where venture capital is a waste of time, and, I think that businesses like Yahoo, and several other internet ventures whose revenues are not under water, are proving that. For most first-mover internet companies, the continued interest of venture capitalists in your company may be, like cocaine, god's paradoxical way of telling you you're making a lot of money. The quest for economic rents is at the heart of any economy, certainly, but I think that, sooner or later, venture capitalists will simply be in the way between producers and the retained earning their customers are too only happy give them. Any requirement for equity itself will probably be underwritten directly to the public someday, and, if you want to call the intermediaries who underwrite that, what, micro-equity(?), "venture capitalists", you'll get a lot of argument from the people who already do equity underwriting today, the investment bankers. So, you're right, Vin. I *am* blaming venture capitalists for eventually not being able to think fast enough to keep up, and that, someday, most underwriting of equity itself will be an extremely automated process. Hell, most investment bankers themselves will tell you that underwriting is so mechanical these days that the only real money's in mergers and acquisitions, anyway.
Gotta love a guy who can write a sentence like that, knot and and double-knot it into a gangly tapestry -- and then glue the whole thing across a wonderful image like a "dirigible biplane."
(That's a Hettinga vehicle is ever there was one. Even in the imagination, it pushes or pulls large amounts of gas around in an unusually muscular way;-)
Thank you. Insult me any way you want, as long as you spell my name right, I guess. Dismissing me personally as an iconoclast doesn't dismiss what I've said, certainly. In the meantime, it's nice to know that I can say something about a public company in passing on a few email lists and drive so many of its shareholders, employees, and retainers to such vigorous distraction. My phone was ringing off the hook yesterday, which was, certainly, a lot of fun. In the meantime, Vin, hang on to your SDTI stock, but probably just for it's residual value to some future investor, like SDTI evidently bought RSADSI for its own residual value, and, aparently, for whatever mystical value the market now puts on Verisign. It's just a shame that RSADSI didn't just license all that cool crypto to the developers outright and make a whole lot more money, rather than playing dog in the manger with it for so long, up to, and probably including, calling the down export control Feds on a hapless kitchen-table crypto developer named Zimmermann. So, right now, after all that, um, exercise, SDTI/RSADSI/Verisign reminds me an awful lot of that old joke about the two old Texas spinsters who, walking down a dusty road, came across a talking frog claiming to turn into an oil baron, if only one of them would kiss him to prove it. "A talking frog", said one of them, putting the frog in her apron pocket, "is worth something." Cheers, Bob Hettinga ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'