Trustworthy contacts

Owen Lewis ukcrypto at maillist.ox.ac.uk
Mon, 11 Sep 2000 18:33:20 +0100 

----- Original Message -----
From: "David Hansen" <davidh@spidacom.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 11 September 2000 16:48
Subject: Re: Trustworthy contacts


> On 11 Sep 00, at 14:19, Owen Lewis wrote:
>
> > As I have suggested in another recent thread, hierarchical secure
> > stems have a great deal going for them and have a well established
> > track record in many situations.
>
> In the field of commerce, which we are discussing, they have no real
> track record at all.

Wow, that is a sweeping statement. I would say, rather, that insofaras that
is a history of  cipher use in commerce that is a history using hierarchical
manageent models.

>Even if they are desirable they cannot be made
> to fit commerce, unless individuals and individual organisations are
> fitted into the hierachy.

We're considering different things. For a business model, the business is
the hierarchy.

> > Either the rights are vested in the organisation
>
> That is not the case with commerce.

Too damn right it is. My company owns the data and intellectual property it
creates (we do not create personal data). The data does not belong to the
employees who each receive a wage for their part in its creation. This, in
fair part is what the company does. Conversely, where others send us data
(for analysis or whatever) that data is not owned by us but by whichever
company sends us the copy. We may look at it but may not supply it to anyone
else or use it as we will.

> > or, even where that is not so, it is the
> > organisation rather than the individual that may suffer most where
> > there is a system falure or security breach.
>
> Would that this is the case. In reality the banks have sloping
> shoulders and have somehow managed to convince government to coat
> their sloping shoulders with teflon.

Mmmm, I know what you mean but I think my point generaly stands.
>
> > Even where there are real individual rights in the infomation, e.g.
> > personal data, any case for dispensing with hierarchical controls has
> > yet to be made.
>
> There are no hierachical controls over much commerce information. I
> see no need to introduce them.

I think you equate 'hierarchical' controls to control by govt. That is not
at all what I mean. All companies have a management structure. That
structure devolves authority to deal with the companies business from the
owners, via the directors, thought the various divisions and departments
down to the shop floor where the widget makers may be authorised to indent
for rivets. This is a form of hierarchy; it has nothing to do with national
government. It has everything to do with management.

Owen