Policy-Discussion

[<home_pw AT msn.com>]

I'm not sure what CAcert is either, but I think its looking 
for the google in the haystack. And its there to be found. 
And, I personally favor an investigation track founded in 
certain hunches I have about the relationship between 
"reliance" and "adoption" (in web-political social 
dynamics).

For 10 years , folks discussed the frictionless (internet) 
economy: a tantalizing notion that was omnipresent but had 
no form.

Google has come pretty close. A Newtonian explanation of 
everything, not a Quantum description. But still probably 
good, for 99.999% of normal life.

Google takes search, and creates a franchise network, a set 
of syndication channel, a site funding model, a quality 
feedback model, an early binding auction model, a late 
binding pricing model, a portal model for replicating the 
the public model for private-labelling, etc etc. The net 
result is benefit to all parties, and thus: mass adoption.

I never wanted certificates in IETF, because it brings certs 
into the internet way of thinking. I wanted to keep certs in 
the web way of thinking.

It was web way of thinking that took a 10 year old std 
technology (for securing TCP), and in Netscape's hands 
became SSL and https - an adoption phenomenon. If I had 
imposed IETF ways of thinkings about the certs in SSL, it 
would never have got off the ground. I had to seize the 
moment, and liberate certs from trusted, assured, correct, 
well reasoned security doctrine. And let them float, in the 
hands of the folks they were meant to benefit. I wrote my 
book on dig certs with the same mentality: appeal to the 
visual basic programmer: don't be afraid of MS cert server 
just because you don't have a security clearance. Go play 
with it! Go own it! Go and try! There has to be a google in 
something that can generate the sheer volume of words used 
to discuss it!

Reliance is a concept word. btw. It doesn't mean reliable, 
nor does it mean trustworthy; has little nothing to do with 
security even. Its an accountability mode. I can use your 
stuff (making you accountable for level A), and then I can 
rely on your stuff (accountable to level B). Reliance is a 
class B accountability, where *my* very use has an impact on 
*you* - who introduced the damn thing to me.

The famous debate over academics taking over a bankrupt law 
firm's records  revolves around the social value of those 
records capturing a moment of internet history - as its 
clients were lots of interesting .coms. The academics 
probably don't care that the firms clients RELIED UPON the 
client-attorney privilege to keep certain (embarasing?) 
disclosures confidential ; something that is not happening. 
For example, it those academics note that those records 
indicate a criminal act, they are ACTUALLY REQUIRED to 
report it. This was something the clients were RELYING UPON 
not to happen. A lawyer cannot plead a case before a court 
believing his client is guilty, or a fact is not true; 
however that doesn't mean he has to now turn the tables on 
his client, and get him hung! He merely recuses himself, and 
maintains the confidentiality. If you cannot trust your 
defense counsel in this at least, how is a fair trial based 
on a search for the truth ever possible. Wed be in a US 
military tribunal system, all of us; hung before got you 
even out of the simulated-drowning water tank.

----- Original Message -----
From: "Duane" 
<duane AT cacert.org>
To: "Policy-Discussion" 
<cacert-policy AT lists.cacert.org>
Sent: Friday, January 12, 2007 3:29 PM
Subject: Re: [CAcert-Policy] Privacy in CAcert

> Sven Anderson wrote:
>
> > As I stated several month ago, IMO CAcert should be just 
> > a framework for a
> > community, helping their members to check the identities 
> > of each other,
> > and therefore should take as less responsibility as 
> > possible.
>
> I won't comment on everything you've said but there is a 
> lot of reasons
> to do the exact opposite of what you have said, already 
> their is
> discussion about social networks (and CAcert is definitely 
> a social
> network of sorts) to spider out associations with other 
> people and all
> sorts of things you could do with data if this was made 
> open.
>
> So while your intentions might be above board, there is a 
> lot of people
> that would love to get their hands on the sort of data 
> CAcert has beyond
> simple spammers that should never get it in a million 
> years.
>
> > BTW: why not putting a certain assurance-level into the 
> > certificates,
> > going away from that binary "certified-or-not" principle? 
> > We shoudn't run
> > after the "big" CAs, we should just make it better, with 
> > new ideas. I
> > guess, if we get popular, just because it works and it's 
> > better/more
> > trustful/more transparent than the rest, we will be "in 
> > the browsers"
> > faster than we'd prefer.
>
> I mentioned this earlier but no one really gave much/any 
> feedback.
>
> --
>
> Best regards,
> Duane
>
> http://www.cacert.org - Free Security Certificates
> http://www.nodedb.com - Think globally, network locally
> http://www.sydneywireless.com - Telecommunications Freedom
> http://e164.org - Because e164.arpa is a tax on VoIP
>
> "In the long run the pessimist may be proved right,
>    but the optimist has a better time on the trip."
> _______________________________________________
> Have you subscribed to our RSS News Feed yet?
>
> CAcert-Policy mailing list
> CAcert-Policy AT lists.cacert.org
> http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy