CDR: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)
Ed Gerck
egerck at nma.com
Wed Oct 18 10:23:52 PDT 2000
"Arnold G. Reinhold" wrote:
> At 11:21 AM -0700 10/17/2000, Ed Gerck wrote:
> >As Tony Bartoletti wrote, apologies for what seems a rant, but the "solid
> >mathematical foundations" underlying digital signatures, "Qualified
> >Certificates", unmistakable IDs, biometrics and so forth create in me a
> >degree of "psychic and social backlash" as well.
>
> As well it should. There is a big difference between "can we do it?"
> and "should we do it?"
>
> One other point, and let me shift to upper case for this one: THERE
> ARE NO "SOLID MATHEMATICAL FOUNDATIONS" FOR ANY OF THIS STUFF!!!!!
> THE DIFFICULTY OF BREAKING PUBLIC KEY SYSTEMS HAS NEVER BEEN PROVEN
> MATHEMATICALLY.
Yes, that is why Tony's remark was somewhat tongue-in-cheek and used
"solid mathematical foundations" within quotes.
> It is all hypothesis and empirical argument. A lone
> mathematician working in his attic could come up with an algorithm
> that would blow some or all of the existing systems out of the water.
> Who gets to cover that financial risk?
The buyer. CAs (read Verisign's CPS or any CA's CPS, or bank contracts
and -- above all -- see the US UCC) are not responsible for producing correct
results but just for using correct methods. Where "correct methods" are
what others consider correct -- even if they are proved wrong later on
by a lone mathematician working in his attic.
> >We create these instruments in the hope of ascertaining better measures
> >of the constancy of authentication and identities. The central question that
> >comes to mind is "to what degree we are artificially creating the constancy we
> >intend these instruments to measure."
>
> Well said.
This paragraph was also Tony's contribution, not mine. It reflects a
case I often make -- to what extent are we ironing out diversity and
thus creating an artificial and useless model rather than a real-world
model that would have real-world significance? "The emperor is nude"
needs to be heard more often IMO, in e-commerce. Before, if possible,
more of our economy and even lives depend on it.
Cheers,
Ed Gerck