Date: Sat, 3 Sep 1994 08:38:12 -0700
From: Hal
To: cypherpunks@toad.com
Subject: Re: Problems with anonymous escrow 2--response

I thought Blanc Weber made a good point when he wrote:

>Well, I was thinking that certifications & reputations wouldn't
>mean all that much to me, nor either knowing or being
>unfamiliar with someone's identity (or pseudonymity). I would
>be more convinced with a demo. Something which could
>demonstrate facility or ability would be more valuable to me
>than a second-hand proof.

This is similar to Tim May's suggestion for a credential-less society (as far as possible). Rather than trying to carry around a lot of baggage in the form of certifications, credentials, reputations, etc. (anonymous or not), people structure their affairs in such a way that transactions can be completed using just the information at hand. Blanc's idea for immediate demos to demonstrate competency could tie into this nicely.

>This anonymity/identity and certification/reputation business
>looks to me like trying to have one's cake and eat it, too, as
>the expression goes. A featureless landscape with remote
>associations to actual substance so as to both please the
>aloof-ers & appease the uncertain.

I didn't quite follow the rest of Blanc's message (a problem I have, I'm afraid, with many of his postings) but I do agree that there are problems with the use of reputations as a catch-all to solve the problems of anonymity. Faced with the ease of unpunished cheating in an anonymous relationship, people introduce the idea of reputations, sometimes called "reputation capital", and assert that cheaters would in fact be punished by damage to their reputations, the loss of reputation capital.

What is this stuff, reputation capital? What does it look like? How can it be measured? How much is it really worth? I think this concept needs to be clarified and examined if it is to serve as one of the principal foundations of pseudonymous commerce.
(I know there is a concept in modern finance which attempts to measure the economic value of a firm's reputation, called, I think, "good will", but I don't know how similar that would be to what we are talking about.)

One question is, to the extent that a "piece of reputation capital" is an actual object, a digital signature or token of some sort, how heavily linked is it to a given owner? If I run two pseudonyms, Bert and Ernie, and Ernie earns a piece of reputation capital, can he securely transfer it to Bert and have Bert show it as his own?

On the one hand, we would not want this to be so (or, expressed in less normative terms, people would probably be uninclined to put much value on reputation capital which had this mathematical structure). If the purpose of reputation capital is to, in effect, punish cheaters, this is defeated to a large extent if it can be transferred. Ernie can earn a reputation, cheat, and then have Bert show the good aspects of Ernie's reputation while being unlinkable to the bad. Going back to the earlier discussion of anonymous escrow agents, this would seem to make it far too easy for dishonest agents to succeed.

On the other hand, untransferrable credentials are undesirable from the point of view of privacy. That was the whole point of Chaum's work on pseudonyms and credentials. If pseudonym credentials are untransferrable we have a problem where information builds up about a pseudonym that is very nearly as bad as a completely identified system. It is true that at least the ultimate linkage between pseudonym and physical body is broken, but to the extent that your on-line activities _are_ your pseudonym, it is no more desirable to allow dossiers to be built up about your on-line personality than your off-line life. Chaum's system worked in large part because it was ultimately grounded in an identity-based system.
People could have credentials and transfer them, but there were limits on the types and numbers of pseudonyms you could have. I think these kinds of restrictions could limit some of the problems which arise with transferrable reputation credentials, although the general problem of "negative credentials", which is really another word for the problem of punishing cheaters, was not fully solved by Chaum's approach, at least not in a way that I understood (he wrote as though he had solved it).

One final point I'd make is that Tim's idea about avoiding credentials, along with the points Blanc made, is attractive but there do seem to be a lot of situations where credentials are shown in life. When that is necessary it is tempting to fall back on a trusted authority, the anonymous escrow agent or perhaps Jason Solinsky's cyberspace government, but I think you still have the problem of those authorities proving their honesty. So the problems of credentials and reputations are still present.

Hal
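
The Bert and Ernie question above, as an added example that is not part of the original message: an issuer signs a reputation statement either as a bearer token or bound to one pseudonym's public key. The toy textbook-RSA keys, the statement text, the nonce and all function names are constructed assumptions, and this is not Chaum's credential scheme.

```python
import hashlib

# Toy textbook RSA over small Mersenne primes: illustration only, not secure.
def keygen(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_h(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _h(msg, n)

def _bind(statement, holder_pub):
    return statement + b"|" + repr(holder_pub).encode()

def issue_bearer(issuer_priv, statement):
    # Signature covers only the statement: whoever holds the token can show it.
    return {"statement": statement, "sig": sign(issuer_priv, statement)}

def issue_bound(issuer_priv, statement, holder_pub):
    # Signature also covers the holder's pseudonym key.
    return {"statement": statement, "holder": holder_pub,
            "sig": sign(issuer_priv, _bind(statement, holder_pub))}

def show_bearer(issuer_pub, cred):
    return verify(issuer_pub, cred["statement"], cred["sig"])

def show_bound(issuer_pub, cred, challenge, response):
    # The verifier learns cred["holder"] at every showing, so showings are linkable.
    ok = verify(issuer_pub, _bind(cred["statement"], cred["holder"]), cred["sig"])
    return ok and verify(cred["holder"], challenge, response)

def demo():
    issuer_pub, issuer_priv = keygen(2**127 - 1, 2**107 - 1)
    ernie_pub, ernie_priv = keygen(2**89 - 1, 2**61 - 1)
    bert_pub, bert_priv = keygen(2**31 - 1, 2**19 - 1)
    stmt = b"completed 50 escrow transactions honestly"  # constructed statement
    nonce = b"verifier-nonce-0001"                       # constructed challenge
    bearer = issue_bearer(issuer_priv, stmt)             # earned by Ernie
    bound = issue_bound(issuer_priv, stmt, ernie_pub)
    as_bert = sign(bert_priv, nonce)
    return {
        "bert_shows_bearer": show_bearer(issuer_pub, bearer),
        "ernie_shows_bound": show_bound(issuer_pub, bound, nonce, sign(ernie_priv, nonce)),
        "bert_shows_bound": show_bound(issuer_pub, bound, nonce, as_bert),
        "bert_swaps_holder": show_bound(issuer_pub, dict(bound, holder=bert_pub), nonce, as_bert),
    }
```

The bearer form verifies for Bert with no trace of Ernie, while the bound form fails for Bert but exposes Ernie's key to every verifier, which is the dossier problem described above.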