"Arnold G. Reinhold" wrote:

> At 11:21 AM -0700 10/17/2000, Ed Gerck wrote:
>
> > As Tony Bartoletti wrote, apologies for what seems a rant, but the "solid mathematical foundations" underlying digital signatures, "Qualified Certificates", unmistakable IDs, biometrics and so forth create in me a degree of "psychic and social backlash" as well.
>
> As well it should. There is a big difference between "can we do it?" and "should we do it?"
>
> One other point, and let me shift to upper case for this one: THERE ARE NO "SOLID MATHEMATICAL FOUNDATIONS" FOR ANY OF THIS STUFF!!!!! THE DIFFICULTY OF BREAKING PUBLIC KEY SYSTEMS HAS NEVER BEEN PROVEN MATHEMATICALLY.

Yes, that is why Tony's remark was somewhat tongue-in-cheek and used "solid mathematical foundations" within quotes.

> It is all hypothesis and empirical argument. A lone mathematician working in his attic could come up with an algorithm that would blow some or all of the existing systems out of the water. Who gets to cover that financial risk?

The buyer. CAs (read Verisign's CPS or any CA's CPS, or bank contracts and -- above all -- see the US UCC) are not responsible for producing correct results but just for using correct methods. Where "correct methods" are what others consider correct -- even if they are proved wrong later on by one mathematician working in his attic.

> > We create these instruments in the hope of ascertaining better measures of the constancy of authentication and identities. The central question that comes to mind is "to what degree we are artificially creating the constancy we intend these instruments to measure."
>
> Well said.

This paragraph was also Tony's contribution, not mine. It reflects a case I often make -- to what extent are we ironing out diversity and thus creating an artificial and useless model rather than a real-world model that would have real-world significance? "The emperor is nude" needs to be heard more often IMO, in e-commerce. Before, if possible, more of our economy and even lives depend on it.

Cheers,

Ed Gerck