Re: On the orthogonality of anonymity to current market demand
From: "R.A. Hettinga" <rah@shipwright.com> Sent: Oct 25, 2005 8:34 AM To: cryptography@metzdowd.com, cypherpunks@jfet.org Subject: On the orthogonality of anonymity to current market demand
...
That is to say, your analysis conflicts with the whole trend towards T-0 trading, execution, clearing and settlement in the capital markets, and, frankly, with all payment in general as it gets increasingly granular and automated in nature. The faster you can trade or transact business with the surety that the asset in question is now irrevocably yours, the more trades and transactions you can do, which benefits not only the individual trader but markets as a whole.
The prerequisite for all this is that when the asset changes hands, it's very nearly certain that this was the intention of the asset's previous owner. My point isn't to express my love for book-entry payment systems. There's plenty to hate about them. But if the alternative is an anonymous, irreversible payment system whose control lies in software running alongside three pieces of spyware on my Windows box, they probably still win for most people. Even bad payment systems are better than ones that let you have everything in your wallet stolen by a single attack. ...
However "anonymous" irrevocability might offend one's senses and cause one to imagine the imminent heat-death of the financial universe (see Gibbon, below... :-)), I think that technology will instead step up to the challenge and become more secure as a result.
What's with the heat-death nonsense? Physical bearer instruments imply stout locks and vaults and alarm systems and armed guards and all the rest, all the way down to infrastructure like police forces and armies (private or public) to avoid having the biggest gang end up owning all the gold. Electronic bearer instruments imply the same kinds of things, and the infrastructure for that isn't in place. It's like telling people to store their net worth in their homes, in gold. That can work, but you probably can't leave the cheapest lock sold at Home Depot on your front door and stick the gold coins in the same drawer where you used to keep your checkbook.
And, since internet bearer transactions are, by their very design, more secure on public networks than book-entry transactions are in encrypted tunnels on private networks, they could even be said to be secure *in spite* of the fact that they're anonymous; that -- as it ever was in cryptography -- business can be transacted between two parties even though they don't know, or trust, each other.
Why do you say internet bearer transactions are more secure? I can see more efficient, but why more secure? It looks to me like both kinds of payment system are susceptible to the same broad classes of attacks (bank misbehavior (for a short time), someone finding a software bug, someone breaking a crypto algorithm or protocol). What makes one more secure than the other? ...
Cheers, RAH
--John Kelsey
-- John Kelsey
What's with the heat-death nonsense? Physical bearer instruments imply stout locks and vaults and alarm systems and armed guards and all the rest, all the way down to infrastructure like police forces and armies (private or public) to avoid having the biggest gang end up owning all the gold. Electronic bearer instruments imply the same kinds of things, and the infrastructure for that isn't in place. It's like telling people to store their net worth in their homes, in gold. That can work, but you probably can't leave the cheapest lock sold at Home Depot on your front door and stick the gold coins in the same drawer where you used to keep your checkbook.
Some of us get spyware more than others. Further, genuinely secure systems are now becoming available, notably Symbian. While many people are rightly concerned that DRM will ultimately mean that the big corporation, and thus the state, has root access to their computers and the owner does not, it also means that trojans, viruses, and malware does not. DRM enables secure signing of transactions, and secure storage of blinded valuable secrets, since DRM binds the data to the software, and provides a secure channel to the user. So secrets representing ID, and secrets representing value, can only be manipulated by the software that is supposed to be manipulating it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3CepcQ59MYKAZTizEycP1vkZBbexwbyiobaC/bXS 44hfxMF4PBKXmc5uavnegOFFCMtNwDmpIMxLBcyI3
hi ( 05.10.26 09:17 -0700 ) James A. Donald:
While many people are rightly concerned that DRM will ultimately mean that the big corporation, and thus the state, has root access to their computers and the owner does not, it also means that trojans, viruses, and malware does not.
do you really think this is true? doesn't microsoft windows prove that remote control of computers only leads to compromise? [especially in our heavily networked world] and doesn't history show that big corporations are only interested in revenue- so that if they get revenue by forcing you to pay them fees for 'upkeep' of your digital credentials to keep your computer working they are going to do that. the problems 'solved' by DRM can also be solved by moving to an operating system where you have control of it, instead of an operating system filled with hooks so other people can control your computer. and that operating system is freely available ... -- \js oblique strategy: don't be frightened of cliches
At 10:22 AM -0500 10/31/05, johns@worldwinner.com wrote:
and doesn't history show that big corporations are only interested in revenue
One should hope so. ;-) Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
James A. Donald writes:
Further, genuinely secure systems are now becoming available, notably Symbian.
What does it mean for Symbian to be genuinely secure? How was this determined and achieved? -- http://www.eff.org/about/staff/#chris_palmer [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
James A. Donald writes:
Further, genuinely secure systems are now becoming available, notably Symbian.
Chris Palmer <chris@eff.org>
What does it mean for Symbian to be genuinely secure? How was this determined and achieved?
There is no official definition of "genuinely secure", and it is my judgment that Symbian is unlikely to suffer the worm, virus and trojan problems to the extent that has plagued other systems.
Chris Palmer <chris@eff.org> writes:
James A. Donald writes:
Further, genuinely secure systems are now becoming available, notably Symbian.
What does it mean for Symbian to be genuinely secure? How was this determined and achieved?
By executive fiat. Peter.
Peter Gutmann writes:
What does it mean for Symbian to be genuinely secure? How was this determined and achieved?
By executive fiat.
The usual means, then. :) -- http://www.eff.org/about/staff/#chris_palmer [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
I'd recommend DRM (I think what you really mean is Palladium, err, excuse me, the Trusted Computing Platform Alliance, see the web site and Ross Anderson's take on it) to my grandmother, because I don't trust her to understand the implications of clicking on something in an email (thank you active content!). Many OSes don't allow ordinary users the privileges of compromising their security so easily as Microsoft. I suppose we can rely on vendor-written code to do approximately what it claims to do, most of the time, but have you actually read the claims in EULAs and Privacy Policies lately? It seems like you'd be trading one set of problems for another. Personally, I'm less suprised by my own software (and, presumably, key-handling) than vendor software, most of the time. I think TCPA is about control, and call me paranoid, but ultimate control isn't something I'm willing to concede to any vendor, or for that matter any other person. I like knowing what my computer is doing, to the bit and byte level, or at least being able to find out. -- http://www.lightconsulting.com/~travis/ -><- "We already have enough fast, insecure systems." -- Schneier & Ferguson GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
On 11/6/05, Travis H. <solinym@gmail.com> wrote:
Personally, I'm less suprised by my own software (and, presumably, key-handling) than vendor software, most of the time. I think TCPA is about control, and call me paranoid, but ultimate control isn't something I'm willing to concede to any vendor, or for that matter any other person. I like knowing what my computer is doing, to the bit and byte level, or at least being able to find out.
I suggest that you're fooling yourself, or at least giving yourself a false sense of security. Software today is so complex and large that there is no way that you can be familiar with the vast bulk of what you are running (and it's only going to get worse in the future). It is an illusion that you have transparency into it. Water is transparent but an ocean of it is opaque and holds many secrets. CP
participants (8)
-
Chris Palmer -
cyphrpunk -
James A. Donald -
John Kelsey -
johns@worldwinner.com -
pgut001@cs.auckland.ac.nz -
R.A. Hettinga -
Travis H.