Jason W Solinsky <solman@MIT.EDU> writes:
Enter Ingve the insurance salesman. Ingve will guarantee to others that you are certified by Charles by offering them bets. So suppose that Microsquish sends you its advertising agent and the agent is offering a 10 nano-slinkys [a cyberspatial monetary unit] bonus if you can produce one of Charles's certifications. Charles is charging 8 nano-slinkys. In steps Ingve. You've told Ingve that you are certified by Charles as a frequent purchaser of big brother inside computers. So Ingve says: "I'll convince Microsquish to accept my word that you have Charles's certification in exchange for just four nanoslinkys. But if at my request you ask for the certification and Charles's says you aren't certified then you owe me 64 nano-slinkys." Since you are sure that you are certified you accept the deal. Then Ingve goes to Microsquish and offers to insure your certification. Each time Microsquish accepts a certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys but will be able to get your business (and thus offset that with the four nano-slinkys). But, if it turns whenever Microsquish wants to it can check up on your certification from Charles at cost (8 nano-slinkys). If Charles certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and Ingve has to pay up Microsquish's insurance claim (which could be quite large depending on the policy.
One thing I don't follow here is under what circumstances a "challenge" will occur. Presumably Microsquish will not blindly accept all of Ingve's assurances since they are backed only by promises. Can Microsquish force Ingve to go to his clients and make them produce certificates? Who pays for that? Maybe if you factor in that cost it won't look so bad for Charles.
First, just let me note that there are a thousand ways to structure it. In my example, Microsquish gets to hold a challenge whenever they want to. If everybody is being honest Microsquish will lose eight nano-slinkys each time they challenge so they won't do it frequently. If everybody is not being honest, Microsquish will collect substantial damages.
Also, just because Charles can't get what he wants for his certifications doesn't mean he is being cheated.
I refuse to get into another vocabulary fight :) Lets just say that Charles isn't geting as much as he would like. Pay per use is good for the consumer... note the resentment that high software prices have created. Although everybody wins by adopting a system that better approximates reality, ala superdistribution (but we are dealing with authentication here, not information and after thinking about it alot I have decided that authentication is NOT necessarily a form of information in that you can easily demonstrate to somebody that you have been authenticated without giving them the ability to prove it to somebody else [again lets not get into a terminology debate, my point is that the intangible asset here has a different set of properties from the kind we usually deal with in information economy scenarios]), the consumer with his smaller buying power wins the most. So it would really suck for Charles to lose big at the hands of the consumer because he tried to do something that dramatically improved the consumer's position. Now that I think about it, its possible that I'm in error approaching this problem from a cryptographic standpoint. Maybe the correct course of action is to establish a cybergovernment which prohibits "Ingve the insurance salesman" attacks and then set up the fine structure such that the conspirators will have an enormous incentive to turn each other in.
It's a market, after all. You could just as well say that somebody else opens up a certification shop that sells certifications just like Charles' for less. It's not the fault of the protocol that Charles' business dries up. If the value of his certifications drops (as in your scenario) then his business should decrease.
Agreed, but it is highly desirable for charles NOT to be forced into selling certifications for a one time fee from the standpoint of all involved. Assuming Charles is intelligent, unless we can demonstrate to him a system that prevents these kinds of attacks, he's going to be stuck with the one time fee payment scheme.
Last, I'd say your problem exists just as clearly without Ingve. You could make a deal with Microsquish promising that you would be able to get certifications if asked, with some agreed-upon procedure by which Microsquish could demand that you produce one, with appropriate penalties. In that case probably Microsquish would believe some percentage of people and Charles' business would again fall off. In practice Ingve might be useful to help even up fluctuations but the problem arises just as clearly without him.
Yeah. I hadn't been looking at it that way because in my model Ingve gets played by an agent. There IS, however, an argument for giving control of Ingve to a third party. As I note above, every time Microsquish checks on the consumer it loses money. An Ingve could act as an intermediary between Microsquish and a far larger number of consumers. The relationship thus built (combined with statistical reality) allow Microsquish to use far fewer test cases and place a significant (but of course not total) amount of trust in Ingve's methods for guaranteeing valid licenses [whatever they may be. It is quite conceivable that there are other things which can alter the probabilities besides actually challenging the consumer to get a certification from Charles]. This saves Microsquish, and infact the whole system, money. Cheers, Jason W. Solinsky BTW, perhaps there is an easier solution: only permit Cherles's certifications to exist in an environment that he controls. Smart cards and remote computers can easily do this, although remote computers are undesirable due to their communications overhead.