bye bye ViaCode

[Owen Lewis]

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Adrian
> Midgley
> Sent: 08 June 2002 19:06
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: bye bye ViaCode
>
>
> On Saturday 08 June 2002  4:38 pm, you wrote:
>
> > I suppose my point is not so much that WoT couldn't be done, as much as
> > that it would be a lot of work.  It would also need commitment from
> > everyone who was to be part of it, or it wouldn't work.  With
> > centralised key management, at least you know everyone ought to have a
> > key that you can trust.  Bearing in mind this disadvantage of the WoT,
> > I'm curious to know what you see as the advantages.
>
> You have met our central (key) management?
> I don't see that if someone is careless to the extent that I
> wouldn't trust
> their signature on another key (something I can reflect in how I use my
> software) that I can rely on their key having been kept secure ater it is
> issued by the central authority.
>
> > Following on from Ross's point, I suppose the question is what you are
> > trying to create.
>
> I'd like to know that notes made and sent to me cannot be repudiated, and
> that notes I send to someone else cannot be read before they get there.
>
> > I've never seen a certificate that says someone is trustworthy, only one
> > that certifies someone's personal attributes (name, address, department,
> > whatever).
>
> Right.  But I think the assumption is that if I get a request to
> encrypt your
> notes against a key for Dr J Smith Darlington Memorial Casualty Dept, and
> send them to the address given, that I am going to _trust_ that
> this person
> is fit and proper, and of course that this key is theirs and
> nobody else's.

Are we not over-egging the pudding? How did you and colleagues exercise
trust and due care before any of you ever heard of cryptography or had
electronic records? I suggest that it was by some very simple commonsense
methods. If a hospital department were to have asked your surgery to send
them my notes I suggest that you would have sent them, addressed to the
department and without even the precaution of making a return call to the
department first (for the purpose of confirming that the requests was
(probably) genuine. I'd think that was appropriate and professional
behaviour, would it not be?

So why the great fuss because of electronic storage and transmission and the
use of cipher by way of an envelope?

C.I.A. As discussed here before, for the purposes of the general medical
profession, there is good reason to rewrite this as I.A.C. Yes, of course
cipher has an important part to play in all the parts of I.A.C. but *trust*?
Within an organisation, centralised management of keys has major advantages
and are the way to go. If any of your colleagues prove feckless, drunken,
mercenary etc etc, they are no more likely to do so within an electronic
system of document management that they are within a paper system.

WoT is largely a snare and delusion that is attractive to those who wish to
'trust' others who they do not know and who they might more wisely choose
not to trust at all. It can be viewed, almost, as another symptom of
abdication of responsibility for one's actions. Whether you and I should
trust each other, I suggest depends upon, a mature assessment of an act of
trust proposed. To meet what need is the act of trust contemplated? Is it
reasonable in the circumstances? What's the down side?

An act of trust is always to expose vulnerability in some way at some level
or another. It is also a central feature of the human condition, much
enjoyed and exploited by lovers and intelligence agents over the centuries.
It is little wonder that intelligencers fondly describe themselves to each
other as members of the worlds second oldest profession :-) However, and as
discussed here at length on previous occasions, trust has little if any part
to play in the interaction between machines which is what electronic
cryptography is about. Real security eliminates as far as possible any need
for trust. Once  information crosses the interface from machine to man, then
security becomes a much frailer thing. In the case of the medical
profession, I would suggest that its practitioners need seek no higher
standards in security that they exercised before electronic systems came
into their lives.

Owen