Reputations, Belief, Identity, and Networks
This issue has come up, with a few list readers talking about how uncertain or fuzzy reputations are. Some have said they see this as a fatal flaw for commerce and dealings in cyberspace (and in cypherspace, the strongly-untraceable variant).

If we were all in the same room and had access to blackboards, maybe these doubters could be convinced. Lord knows, this is what a lot of the early Cypherpunks physical meetings were all about, with hours spent drawing pictures, refuting arguments, considering gotchas.

Regrettably, we are not in the same room and text articles don't work in the same way (especially when people often don't even read the full article or any of the cited references!). Yes, I know about HTML and GIFs, but there's no way I'm going to prepare a series of diagrams and pictures, for obvious reasons: time, lack of feedback, limited audience, etc.

Some general comments:

* Yes, reputations are not objective things like the charge on a particle. Rather, they are more like the velocity of a particle: different observers will observe different velocities. Or, continuing the physics analogy (which is limited!), there's a complicated tensor, or matrix of values, attached to what we call "reputation": Alice's reputation as a cook to Fred, Alice's reputation as a writer to Dorenda, Alice's reputation for being on time to Digital Datawhack, and on and on. Not only is this matrix large, the values are themselves dependent on other beliefs and assumptions, and the values vary even on a daily or hourly basis.

* This should not be surprising to anyone. The notion that "Alice" has some "measurable reputation" is ludicrous. To whom, for what, under what circumstances, etc.?

* What we call "reputations" are really "beliefs." Assertions in a personal data base. Reputations have a different flavor from some other kinds of belief. "I believe Alice was born in 1965" is a different flavor of belief from "I believe Alice will repay money lent to her" or "I believe Alice speaks the truth." In ordinary language, we classify the latter two beliefs as statements indicating Alice has a good reputation for repaying debts or speaking the truth.

* Beliefs come from a lot of places. If a lot of people tell me that Alice has repaid money they lent her, I believe (for Bayesian reasons, though Alice may still screw _me_) that Alice has a good reputation for repaying debts, i.e., a good credit history. This belief I have is my assessment of her reputation. It is _not_ something Alice owns or carries around with her.

(There are obvious and important implications for free speech here, too. The notion that Alice "owns" her "good name" and can take action against others who "impugn" or "besmirch" her "good reputation" is a pernicious idea. One reason so many of us understand and embrace the notion of unfettered free speech, even speech impossible to trace to a speaker, is because of a deep understanding of how probabilistic belief networks operate, warts and all. If L. Detweiler "besmirches" my name, he has besmirched his own reputation, in my view. I could go on, but I just wanted to make the links between reputations in _commerce_ applications and similar reputations in areas where some folks think we need laws against slander and libel, regulation of "bad" speech, etc.)

* Back to the relativity and fuzziness of "reputation."

* I mentioned earlier that several other interesting concepts have the same kind of "relativity" and fuzziness: entropy, randomness, even encryption. These things depend on context, on environment. A complicated bit string may look like noise, utterly random. But it may be an encrypted message, or even the genome of an oak tree. Cf. the work of Chaitin and others, treated popularly in recent books by John Casti, John Barrow, Rudy Rucker, Ivars Peterson, and others. Everyone on this list should think deeply about issues of randomness, entropy, and algorithmic complexity. These are core issues, not just to cryptography, but also to PBNs and complex systems in general.

* Greg Broiles mentioned "bets" in this context. Bets are a good thing to think about: they represent an agent's most self-interested assessment of a bunch of factors: how likely a loan is to be repaid, how likely it is that Alice will be at the restaurant when she says she will be, who will win the Super Bowl, etc. Not surprisingly, dozens or even hundreds of scraps of information may be fed into the process of making a bet, setting odds, etc.

* Is there some master formula for establishing odds? What do _you_ think?

* Is it all hopeless, then? No. Reasoning with incomplete knowledge is something evolution has prepared organisms for quite well. Many tools exist to estimate odds, from standard probability theory to more exotic recent methods ("maximum entropy methods," for example). Bayesian reasoning has gotten a lot of press lately.

* Because of these perceived difficulties, it is often tempting for strongmen or thugs to establish top-down rules and use the threat of physical coercion to ensure compliance. Names and identities often fit this, with every citizen-unit being required to carry papers, proofs of identity, etc. This tendency toward having a "master signer" (root) who then delegates signing to lower levels, etc., is also tempting for top-down use: the President of VeriSign, for example, tells the next level down that they are who they say they are, and they tell a lower level, and so on.

* PGP, to the credit of PRZ, adopted a "web of trust" model. Instead of a top-down signature authority, so to speak, the web of trust is a closer match to the probabilistic belief networks found in personal interactions: Alice believes something about Bob (who he is, where he lives, whether he has repaid loans to others, etc.). Bob believes something about Alice. Dave believes something about Charles, and so on.

* A "digital signature" is nothing mystical or special, just another "belief." If I meet someone named Alice and she signs something with her private key, then if I see this same signature someplace else (e-mail, for example) I will have a degree of belief that the person I met in person is the same person (or has possession of the key, which is similar in most cases to "being" the same person) I am dealing with via e-mail.

* Does a digital signature really mean that this person "is" Alice? No. And it is unclear what it means to say a body or agent "is" Alice. Unless and until there are naming systems at birth, trackable biometrically, names are just handles. They change. The focus on "is-a-person" is overdone. ("Is-a-person" is a topic of interest to cryptographers, and is something newcomers should read up on.)

* Webs of trust are special cases of the probabilistic belief networks I've already mentioned. Seen as a graph with various nodes and arcs representing degree of belief in something.

* The top-down naming system being pushed by VeriSign (and perhaps likely to gain Official Government Recognition, meaning, get a certificate from VS or don't bother trying to communicate with the IRS, DOJ, etc.) is a graph looking like a pyramid.

* And so on. Much can be written about these graphs, these networks, and their properties. And about tools for propagating belief. Dempster-Shafer methods, for example. Judea Pearl's recent book, "Causality," has a bunch of interesting insights.

* Are there "scalability" and "consistency" issues with non-pyramidal PBNs? Sure. As to be expected. (Issues of unwieldiness of large webs of trust, for example.)

* Are these "show-stoppers"? Not that I can see. I'm quite happy receiving signed keys from folks I know. If the entity known as "Lucky Green" gives me his signed key, and I add him to my keyring, then I have confidence the e-mail he signs comes from the person I know. I don't care whether "Lucky Green" is his True Name, or his Immigration Name, or his Stage Name. And I don't care whether some data base at MIT is choking on all of the names and keys they have _centralized_. (Hint: the word "centralized" should be a clue.)

* Fact is, we make most of our decisions based on probabilistic belief networks. For restaurants, movies, t.v., books. Lots of sparseness in the network, lots of fuzziness. But when someone asks for a list of recommended reading, and folks like me give such a list, this is PBNs and reputations at work--regardless of how "fuzzy" the recommendations may be, regardless of "authority" issues.

(For example, taking the objections of some here to reputation systems, one might expect them to ask such questions as: "But who established the reputation of Tim May? How do we know he is qualified, or authorized, to give such recommendations? He recommends Vinge, but do we know if Vinge has given his approval for Tim to recommend his books? This "reputation" thing is just too informal to be workable.")

I encourage readers to check out the books and articles on the topics mentioned here. Don't expect them to directly refer to the topics at hand with Cypherpunks, for obvious reasons. We are in many ways at the cutting edge, in terms of realizing the implications of untraceability, nyms, and reputations for commerce, so traditional analyses have not covered these things.

A recent book, a very recent book, is "Peer to Peer." (Cf. Amazon.) It has at least a couple of articles sketching out reputation issues. Not in the PBN sense I describe above, but, then, they didn't ask me to write a chapter, so I didn't.

--Tim May

--
Timothy C. May tcmay@got.net Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
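
An added illustration, not part of the original post: the message's points that a reputation is a belief held by a particular observer about a particular context, and that second-hand reports feed it "for Bayesian reasons," sketched as per-observer Beta-distributed beliefs. The names Bob, Carol and Mallory, the context labels, and the rule of discounting a report by the observer's belief in the reporter's truthfulness are assumptions made for this sketch.

```python
from collections import defaultdict


class BeliefStore:
    """One observer's private beliefs, keyed by (subject, context).

    Each belief is a Beta(a, b) distribution over "the subject behaves well
    in this context"; Beta(1, 1) is the uninformed prior.
    """

    def __init__(self, owner):
        self.owner = owner
        self.beliefs = defaultdict(lambda: [1.0, 1.0])  # [a, b] pseudo-counts

    def observe(self, subject, context, good, weight=1.0):
        """First-hand evidence adds a full count; weaker evidence adds less."""
        self.beliefs[(subject, context)][0 if good else 1] += weight

    def estimate(self, subject, context):
        """Posterior mean: this observer's degree of belief, in [0, 1]."""
        a, b = self.beliefs[(subject, context)]
        return a / (a + b)

    def hear_report(self, reporter, subject, context, good):
        """Second-hand evidence, discounted by how far the owner believes the
        reporter tells the truth (a simple heuristic, assumed here)."""
        self.observe(subject, context, good,
                     weight=self.estimate(reporter, "truthful"))


def demo():
    fred, dorenda = BeliefStore("Fred"), BeliefStore("Dorenda")
    # Constructed history: Fred's own experience of who tells the truth.
    for _ in range(8):
        fred.observe("Bob", "truthful", True)
    for _ in range(3):
        fred.observe("Mallory", "truthful", False)
    # Reports to Fred about Alice's debts; Carol is a stranger to him.
    fred.hear_report("Bob", "Alice", "repays debts", True)
    fred.hear_report("Carol", "Alice", "repays debts", True)
    fred.hear_report("Mallory", "Alice", "repays debts", False)
    # Dorenda has only first-hand experience of Alice's writing.
    for _ in range(3):
        dorenda.observe("Alice", "writer", True)
    return {(o.owner, ctx): o.estimate("Alice", ctx)
            for o in (fred, dorenda) for ctx in ("repays debts", "writer")}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, round(value, 3))
```

The same subject ends up with four different values, one per observer and context, and none of them is stored with or owned by Alice.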