[LINK] Modern PKI [was: RFC: Could CAs Be Eavesdropping on Their Clients?]

[Stilgherrian]

On 16/08/2010, at 5:12 AM, Stephen Wilson wrote:
> Big PKI was to enable "stranger to stranger" e-business.  That was 
> always hyperbolic nonsense.  Strangers don't do business in the real 
> world; what makes us wish this to be otherwise on the Internet?

Surely strangers do do business in "the real world"? But generally only conduct transactions of a value or risk that is appropriate for the level of "perceived trustworthiness", I'll call it, of the other party. Or of the business systems.

If by "the real world" you mean face-to-face, I conduct business with a stranger every time I but a pie from a bakery I've never visited. I do know know who the anonymous person is talking my money, nor do I know they've made the pie safely. But the circumstances of having a shop that hasn't yet been closed down is a powerful signifier that others continue to trust it, and so I accept that risk. "Can I have a pie thanks?" "Sure, that'll be $3.50 but I'll have to warm it up." I reckon I'd still hand over my money at that point.

"Don't get up, I'll grab your round. [extends hand to take $10 note]" Will he actually run away with the money or buy your drink and bring it back?

Mail order.

Advert on TV with 1800 number.

Website with shopping card and SSL-secured checkout.

Where in this stack does "the real world" end? Nowhere, I contend. It's all a continuous, but less-well-trusted signifiers.

That's enough amateur semiotic for a Monday...

Trust is a psychological state, not maths.

Stil


-- 
Stilgherrian http://stilgherrian.com/
Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 8569 2006
Twitter: stilgherrian
Skype: stilgherrian
ABN 25 231 641 421