Re: Reputation Capital papers?
At 3:20 PM 9/6/94 -0700, Hal wrote:
P.S. I did find a paper on the net called "Endorsements, Licensing, and Insurance for Distributed System Services", by Lai, Medvinsky, and Newman of Information Sciences Institute. Here is the abstract:
[snip...]
Unfortunately, I can't recall where I saw the pointer to this paper. I'm sure other people read the same lists and newsgroups I do so perhaps someone else can provide a pointer. Also, my copy of the postscript paper would only print the first three pages, so I can't really evaluate their ideas.
Try this...
From: bcn@ISI.EDU Date: Sun, 4 Sep 1994 13:05:42 -0700 Original-From: Clifford Neuman <bcn@ISI.EDU> To: www-buyinfo@allegra.att.com, kerberos@mit.edu Subject: New paper available X-UIDL: 778899999.011
A new paper is available by FTP that may be of interest to the readers of this list. The paper will be presented in November at the Second ACM Conference on Computer and Communications Security.
Charlie Lai, Gennady Medvinsky, and B. Clifford Neuman. Endorsements, Licensing, and Insurance for Distributed System Services. 2nd ACM Conference on Computer and Communications Security, Fairfax VA, November 1994.
The paper discusses mechanisms for confidence building on the NII. In particular it discusses methods by which users may assure themselves of the competence and honesty of service providers on the network. The paper is available as:
ftp://prospero.isi.edu/pub/papers/security/insurance-cccs94.ps.Z
Clifford Neuman
I didn't drop off the face of the earth, I just got a hot project thrown into my lap. I really want to come back and talk about offline cash some more, <groan!> but I won't have a chance for a bit. Anyway this thread is way cool.... Bye! Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923
Thanks to Bob Hettinga for providing a reference to that paper which discusses several issues related to what we might call "reputation capital". I was able to fix my Postscript problems and get the whole paper printed. Two of the three authors are the originators of the NetCash proposal. I gave that paper a pretty negative review here a few months ago, mostly because their "cash" was non-anonymous, and was really a digital certified check. That's fine, although not IMO cryptographically interesting and I really didn't see much about their proposal that wasn't obvious. I find this paper more interesting. They discuss the general issues of servers establishing credibility with clients through various strategies: licenses, where a legal agency provides a credential that the server meets various minimum standards; endorsements, which are similar but which tend to come from private agencies and will often have a range of levels (like the 1 to 5 diamond ratings granted to hotels by the AAA); insurance, where an insurance company guarantees that suits are possible in the case of breach of contract; and surety bonding, which is similar but covers a wider range of unsatisfactory completions to the relationship. Most of these make sense in the context of business interactions as well as traditional client/server computing. After a promising introduction, the paper takes a mundane turn, proposing data structures to encode information about these various kinds of "assurance credentials", with slots for what is covered, to what amount, under what conditions it would apply, etc. I think it is way premature to try to specify what kinds of information would be in these credentials. They do get into some more interesting material when they discuss ways in which these credentials might be shown and authenticated. Generally, the assurance credential is created or issued by some 3rd party: a bank, an insurance company, a government, a rating agency like AAA or Consumers Union. (We would probably add, individuals known to the client. The authors have something of an institutional bias, and discuss institutions providing credentials to benefit other institutions, neglecting the problem of how individuals establish their own credibility. This is especially noticable in their section 7.3 where they point out that institutions which hold large sums of money for their clients will have much greater authentication requirements than those which grant credit. The obvious symmetry of the two situations appears to escape the authors' notice.) Once the credential is given to the server, it can then show it to the client. They do appear to allow for something similar to blinded credentials. The term they use for these credentials is "proxies" because in a sense the credential acts as a proxy, a substitute, for the organization which issued the credential. (The real reason for this strained terminology is to tie this paper in with the senior author's other papers, IMO.) They suggest that there would be two classes of proxies: "bearer" proxies, which appear not to have the server's identity explicitly encoded, but which are granted under terms in which only servers knowing a particular secret key are considered to be valid; and "delegate" proxies, which appear to explicitly encode the server's identity. The author's terminology is a bit hard to follow here, so it is possible that I am missing their point, but it does sound like they have the germ of the idea of being able to show a credential in a way where the credential is not explicitly identity-bound. Of course, they have missed the point of blinding of credentials (they give no sign of ever having heard of the concept), and the bearer proxies would actually be linkable by the proxy issuer. It is not really clear what the value is of the very limited form of anonymity allowed by bearer proxies. After this rocky portion (the authors really need to read the literature! this is the same problem that NetCash had) they move into quite a dramatic and impressive vision of a "web of trust" system of credentials backing up credentials. The point is that the issuing agencies themselves may need backup (what is the value of an endorsement by the Direct Mail Marketing Association if you've never heard of them?) This leads to the concept of "transitive assurance" in which A endorses B and B endorses C, allowing you to follow the chain and give some credibility to C. Here is one good point they make: "Transitive assurance may extend to an arbitrary depth, but longer chains generally promote less confidence. Where assurance is rated, heuristics are needed for deriving the combined assurance rating from the metrics and limits associated with the individual credentials involved. Such heuristics are a topic for further study." Alert readers will see a connection to the PGP web of trust, and the authors actually make this connection. They go on to point out that in PGP certifications pertain to identity only. There is no mechanism in PGP to endorse the signing and endorsement policies of other users. This was the point I made some time back in a posting here in which I pointed out that the "web of trust" is a misnomer because you can only trust keys which you have verified directly or where you know and trust someone who knows the end user. In contrast, a system of transitive assurance is a true web of trust, where Consumer's Union endorses the Microwave Manufacturers' Association which endorses Joe's Microwave Repair, allowing me to trust Joe even though I've never heard of the MMA. The authors have a nice diagram showing a web of credentials with clients, and various kinds of authenticating and endorsing agencies, all in a complicated system of connections. I think this is very close to the ideas people have had here for how a system of reputation credentials could work. They also discuss how assurance credentials could be used to give credibility to an issuer of electronic cash. Banks or other financial agencies could provide credentials that the issuer had assets greater than a certain amount (so you know the currency is backed), and auditors could provide credentials that the books balance. Once again they have neglected the interesting topic of how or whether blinded credentials could work but this is not a bad start. In a way it is kind of sad to see how primitive the understanding is of these issues in the "mainstream". OTOH it is good to see any discussion at all. Hopefully papers like this will attract some interest on the part of the many people who are trying to jump onto the internet-business bandwagon. Hal
participants (2)
-
Hal -
rah@shipwright.com