CDR: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

Ed Gerck egerck at nma.com
Wed Oct 18 10:23:52 PDT 2000



"Arnold G. Reinhold" wrote:

> At 11:21 AM -0700 10/17/2000, Ed Gerck wrote:
> >As Tony Bartoletti wrote, apologies for what seems a rant, but the "solid
> >mathematical foundations" underlying digital signatures, "Qualified
> >Certificates", unmistakable IDs, biometrics and so forth create in me a
> >degree of "psychic and social backlash" as well.
>
> As well it should. There is a big difference between "can we do it?"
> and "should we do it?"
>
> One other point, and let me shift to upper case for this one:  THERE
> ARE NO "SOLID MATHEMATICAL FOUNDATIONS" FOR ANY OF THIS STUFF!!!!!
> THE DIFFICULTY OF BREAKING PUBLIC KEY SYSTEMS HAS NEVER BEEN PROVEN
> MATHEMATICALLY.

Yes, that is why Tony's remark was somewhat tongue-in-cheek and used
"solid mathematical foundations" within quotes.

> It is all hypothesis and empirical argument. A lone
> mathematician working in his attic could come up with an algorithm
> that would blow some or all of the existing systems out of the water.
> Who gets to cover that financial risk?

The buyer. CAs (read Verisign's CPS or any CA's CPS, or bank contracts
and -- above all -- see the US UCC) are not responsible for producing correct
results but just for using correct methods. Where "correct methods" are
what others consider correct -- even if they are proved wrong later on
by a lone mathematician working in his attic.

> >We create these instruments in the hope of ascertaining better measures
> >of the constancy of authentication and identities.  The central question that
> >comes to mind is "to what degree we are artificially creating the constancy we
> >intend these instruments to measure."
>
> Well said.

This paragraph was also Tony's contribution, not mine. It reflects a
case I often make -- to what extent are we ironing out diversity and
thus creating an artificial and useless model rather than a real-world
model that would have real-world significance?  "The emperor is nude"
needs to be heard more often IMO, in e-commerce.  Before, if possible,
more of our economy and even lives depend on it.

Cheers,

Ed Gerck




