From ld231782 Fri Nov 19 23:28:28 1993
Return-Path:
Received: from parry.lance.colostate.edu by longs.lance.colostate.edu (5.65/lance.1.5) id AA01474; Fri, 19 Nov 93 23:28:23 -0700
Message-Id: <9311200628.AA01474@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Cc: ld231782
Subject: Key vs. Signature revocation & Trust Webs
In-Reply-To: Your message of "Fri, 19 Nov 93 18:57:03 PST." <9311200257.AA28409@longs.lance.colostate.edu>
Date: Fri, 19 Nov 93 23:28:21 -0700
From: "L. Detweiler"
X-Mts: smtp

*key* revocation certificates are in PGP. This is what an author issues if his key has been compromised. *signature* revocation certificates are not. This is what a signer issues (in theory) if he thinks he has been betrayed (spoofed or pseudospoofed).

Also, notice how keys spread between servers `like a virus'. The revocation certificates should do so as well. I don't know if key revocation certificates do so in today's servers. I don't really trust these servers!

Also, I do not buy arguments that `I cannot ever be fooled, the web of trust is infallible, key signature revocation is superfluous'. Anywhere there is trust, there can be betrayal. Believe me, PRZ tried quite a few of these `I am infallible, I can never be fooled' arguments on me yesterday! But, PRZ is God. He knows a good idea when he sees one and will not be influenced by some pseudospoofing campaign by Medusa's snakes or dangles (double agents) in his `inner circle'.

* * *

I am proposing a completely dynamic, two-way, interactive trust system. Not something like you inscribe in a book, but something like the Internet. I was talking to another person at this meeting. I described how today there is only a one-way, tenuous trust system associated with e.g. commercial transactions and credit reports. For example: if a company rips me off, I stop doing business with them, my trust level for them plunges. But wouldn't others wish to know of my problem?
(Just as if *I* find that someone is pseudospoofing, shouldn't others be informed?) Sure, I can send everyone email saying I was ripped off, but this all happens informally. What about a *formal* system? Suppose that I put a black mark on the company in the `web of trust' in a public database -- others may revise their own trust with that company when they hear they Ripped Off L. Detweiler. Most of the cypherpunks would probably revise their trust upwards. This database would be like a yellow pages; anyone can read it when they go to do business with different companies. This obviously would be a powerful incentive to a company to mind their p's and q's, eh? Individuals should be careful though about making specific claims like `I was unsatisfied with service on date [x]' and not things like `company [x] rips people off routinely -- I should know'.

Also, consider that a company puts a black mark on your credit record, erroneously. You contest it, and win. No consequence happens to the company. What if there was a negative reaction in their `trust level'? What if there was a public notice entered, `L. Detweiler was molested by company [x]'? All the trust levels associated with that company's entries decrease.

Dynamic, two-way systems such as these are what will give consumers torque over Big Companies. Just as Big Companies make databases about you to influence their interactions, you can make databases about Big Companies to influence your own. These are inevitable developments. Psychopunks would rather fool Big Oppressive Companies into dealing with fake identities. But this is not acceptable. The company has a right to know who you are, as much as you have a right to know who they are. Psychopunk hypocrites, would you do business with an `anonymous bank'? hee, hee.

Want to get really scared?
Public web-of-trust databases will be developed for *individuals* -- e.g., if you post *anywhere* public, others have a right to tabulate your actions into a central database, and even comment on them. (hee, hee, next few messages J. Dinkelacker will pop up and say `this has a very NSA feel to it.') Others may even comment on your *private* actions in these databases if they are particularly offensive or socially dangerous, e.g. `stay away from His Royal Eminence, while he has made some contributions he is a raving lunatic, has mailbombed me, harassed my postmaster, and is really promoting the tax evasion and the collapse of governments and anarchy under the guise of Liberating Privacy.'

Thanks for letting me talk about this, it all gives me some really interesting ideas about how to achieve this database. One might set up a `trust link' in a database whereby each party agrees to a transaction, and that either can later post a message to that public `link' regarding the status of that transaction. E.g., individual [x] can say `I got great service' on the `trust link' or the company can say `customer [x] failed to pay us'. Links could be cross referenced to find deadbeats and all that. People would decide who to do business with based on their trust link policies. But see how this system benefits *everyone*? You have power over the company, and the company has power over you. You trust the company, and vice versa. You can zap their reputation if they betray you, and vice versa.

Another interesting idea is that of `dueling reputations' -- If I have a high reputation in some area, and I attack someone else in that area, their trust levels in that area should plummet more than if I had no reputation in the area. Today, one has to do all this informally, like posting to newsgroups trying to influence other people that one has been betrayed.

Cypherpunks, this `web of trust' thing is just in its infancy. In a few years, we will have a Psychopunk's Worst Nightmare.
Or an Honest Person's Civilization.
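The distinction the message opens with, a key revocation certificate issued by the key's owner versus a signature revocation certificate issued by a signer who withdraws one certification, and the point that revocations must spread between servers along with the keys, as an added example that is not part of the original message or of PGP. It is a toy Python model: key IDs are plain strings, and the `KeyServer` class and the alice/bob/carol/mallory scenario are constructed for illustration and correspond to no real key server or key ring.

```python
from dataclasses import dataclass, field
from typing import Set, Tuple

# Constructed toy model of a PGP-style web of trust (not real PGP data structures).
# Key IDs are plain strings standing in for key fingerprints.


@dataclass
class KeyServer:
    keys: Set[str] = field(default_factory=set)
    # (signer, subject) certifications: signer vouches that subject's key is genuine
    sigs: Set[Tuple[str, str]] = field(default_factory=set)
    # key revocation certificates, issued by the key's own owner
    key_revocations: Set[str] = field(default_factory=set)
    # signature revocation certificates, issued by a signer withdrawing one certification
    sig_revocations: Set[Tuple[str, str]] = field(default_factory=set)

    def add_key(self, key_id: str) -> None:
        self.keys.add(key_id)

    def certify(self, signer: str, subject: str) -> None:
        if signer not in self.keys or subject not in self.keys:
            raise KeyError("both keys must be on the server before certifying")
        self.sigs.add((signer, subject))

    def revoke_key(self, key_id: str) -> None:
        """Owner declares the key compromised: nothing it signed may be relied on."""
        self.key_revocations.add(key_id)

    def revoke_signature(self, signer: str, subject: str) -> None:
        """Signer withdraws a single certification (e.g. after discovering a spoof)
        while keeping their own key and their other certifications intact."""
        self.sig_revocations.add((signer, subject))

    def valid_signatures(self) -> Set[Tuple[str, str]]:
        """Certifications that still count: not withdrawn, and neither key revoked."""
        return {
            (s, t) for (s, t) in self.sigs
            if (s, t) not in self.sig_revocations   # signer has not withdrawn it
            and s not in self.key_revocations        # signer's key is still good
            and t not in self.key_revocations        # subject's key is still good
        }

    def trusted_keys(self, root: str) -> Set[str]:
        """Keys reachable from `root` through a chain of valid certifications."""
        if root not in self.keys or root in self.key_revocations:
            return set()
        valid = self.valid_signatures()
        trusted = {root}
        frontier = [root]
        while frontier:
            signer = frontier.pop()
            for (s, t) in valid:
                if s == signer and t not in trusted:
                    trusted.add(t)
                    frontier.append(t)
        return trusted

    def merge_from(self, other: "KeyServer") -> None:
        """Server-to-server sync. Revocations must travel with the keys; a server
        that copies only keys and signatures keeps trusting revoked material."""
        self.keys |= other.keys
        self.sigs |= other.sigs
        self.key_revocations |= other.key_revocations
        self.sig_revocations |= other.sig_revocations


def demo() -> dict:
    """Constructed scenario: returns alice's trust set at each step."""
    srv = KeyServer()
    for k in ("alice", "bob", "carol", "mallory"):
        srv.add_key(k)
    srv.certify("alice", "bob")
    srv.certify("bob", "carol")
    srv.certify("alice", "mallory")            # alice was fooled into certifying a spoofed key
    before = srv.trusted_keys("alice")

    srv.revoke_signature("alice", "mallory")   # signature revocation: only that link goes
    after_sig_revoke = srv.trusted_keys("alice")

    srv.revoke_key("bob")                      # key revocation: bob and everything he signed go
    after_key_revoke = srv.trusted_keys("alice")

    # A second server that copied keys and signatures but never the revocations
    stale = KeyServer()
    stale.keys, stale.sigs = set(srv.keys), set(srv.sigs)
    stale_view = stale.trusted_keys("alice")
    stale.merge_from(srv)                      # revocations spread along with the keys
    synced_view = stale.trusted_keys("alice")

    return {
        "before": before,
        "after_sig_revoke": after_sig_revoke,
        "after_key_revoke": after_key_revoke,
        "stale_view": stale_view,
        "synced_view": synced_view,
    }


if __name__ == "__main__":
    for step, keys in demo().items():
        print(f"{step:>17}: {sorted(keys)}")
```

The `stale_view` step is the failure mode the message worries about: a server that receives keys and signatures but not the revocation certificates still reports mallory and bob as trusted until `merge_from` carries the revocations across.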