A rant about #trust following the terrific discussions at #IDPolicyForum yesterday and today.
#digitalidentity
THREAD ...
1/9 "Trust" of course is talked of everywhere. In #IDPolicyForum, a speaker bounced around from cryptographic trust, hardware roots of trust, and an anecdote about trusting the conference organiser because they were introduced by a mutual friend.
2/9 The trouble with this discourse and widespread use of the label is that it over-states what cryptographic "trust" is all about. It inflates lay peoples’ expectations of what #digitalidentity technology delivers.
3/9 The so-called "trust Anchors" or "Roots of Trust" DO NOT ENABLE ANYONE TO TRUST ANYONE ELSE in the regular sense of the word (pardon my shouting).
4/9 Cryptographic "trust" is a cut-and-dried verification that a given digital signature chains back to a reliable master key, and that the assertions bound to signatures along the chain can be reliably attributed to issuers. It's very dry.
5/9 So a chain of cryptographic verifications can mean that the digital signature on a prescription can be taken to be that of a board-certified physician, and in turn, the board could be taken to be an accredited professional body (depending on how the #PKI is set up).
6/9 None of that means the pharmacist filling a prescription "trusts" the doctor. That is immaterial. It is not the job of the pharmacist to trust the doctor, or know the doctor in any way, but instead to check the legitimacy of forms and check some things about the patient.
7/9 That example is based on a discussion of digital certificates and issuers here: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2548224.

#PKI certificate chains aren’t about trust; they’re much better than that!
8/9 So I wish we wouldn’t use the label in initiatives like “Trust Frameworks” or “Trust over IP”. Some say the language is to ‘communicate’ to non-technical users, but let's take more care using emotions as metaphors for highly technical properties. #TDIF #PCTF #IDPolicyForum
9/9 "Trust over IP" #ToIP is such a misnomer. It just doesn’t do what it says on the box. @trustoverip #IDPolicyForum
You can follow @Steve_Lockstep.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.