Policy-Discussion

[Sven Anderson <sven AT anderson.de>]

Ian G, 13.01.2007 16:56:
> I personally would go half as far as that, I think people 
> should have an ability to set a flag saying "public" on each 
> piece of data.  So if I want to show my address and my 
> assurers list, then I can.  If I want to show I've got 150 
> points and I've passed the Assurance test, I can.  E.g., it 
> is rather valuable in some circles to show that I am over 
> the age of 18.

Adress?... Age?... In Germany, and maybe in the whole EU, we have the
(I'll try to translate:) "precept of data minimizing data processing"
("Gebot der datenminimierenden Datenverarbeitung"). So I think, there
should be no data stored, unless it is necessary, because either it will
be in the certificate (after having been assured), or because it is part
of the web of trust. If you don't need it, just don't store it.

> But forcing everyone to do that would I think be highly 
> limiting.  What's wrong with providing privacy-oriented 
> people the CAcert facility, with privacy for their 
> activities?  It's not as if this hides anything specially, 
> as you always need to check the details anyway if you are 
> going to rely on them.

If the trust of the system is based on it's public transparency, then
privacy is counterproductive. If I have a certificate of somebody, and I
want to check it on the CAcert website, I would like to see a list of the
assurers and their assurer points (not necessarily their names though!) If
I just see the number of assurances, or even just an "assured" flag, my
trust in his identity is less.

Don't get me wrong. I'm totally pro-privacy. But the best way of realizing
privacy is to publish all data. That sounds paradox. But then you are
forced to anonymize as much data in you system as possible, that is
_destroying_ the data, not just hiding it. And everybody can see by its
own, how much data is really stored about him, and he can decide to let
his data being removed. (I assume, there could be certain cases, where I
would agree that storing but not showing the data is still the best
option, but it should be the exception.)

In such a system the assurance-level is completely dynamic of course.
Therefore everybody has a motivation to get as much assurances as
possible, so that even if some of your former assurers leave the system,
your assurance-level stays high.

Also it's easier to correct wrong assurances and make the system
self-stabilizing. I had many cases, where I didn't want to give any
assurance points, but the user already got points! I had no possibility to
vote for a assurance point withdrawal. (Sending these cases all to a
support AT cacert.org
 cannot be the solution.)

That is also a way to get rid of the reliance/liability problem. CAcert
can exclude all liability and build up _direct_ identity trust at the same
time. Like ebay also isn't liable for a seller, who has an ass full of
positive feedback, although they provide the feedback system.

> Why would you put it in the certificate?  That would then 
> become stale;  surely you are interested in the assurance 
> level today, the latest info available, not what happened a 
> year back?

Exactly. That's why there should be something like:

"Assurance level at time of certificate issue: 580
For current level and details visit http://cacert.org/userid";

How cool would that be? ;-)


Cheers,

Sven

-- 
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:    +49-551-9969285     Doubt those who find it."
mobile: +49-179-4939223                                 (André Gide)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature