nationwide interception of Facebook & webmail login credentials in Tunisia
James Firth
james2 at jfirth.net
Mon Feb 7 10:55:02 GMT 2011
Brian Morrison wrote:
> Essentially, all the institutions in our lives that once we trusted
> because we didn't know enough about them to be able to see where the
> holes were have now become well known enough that we are aware that
> much they do is not properly overseen and that often they do not have
> our interests at heart.
It depends what the purpose of the trust relationship is. If it's to make
electronic transactions secure, then is the CA to be trusted to keep the CA
secret key from criminals? Probably, yes. If it's to keep communications
secure from governments, then no, of course private individuals shouldn't be
encouraged to trust implicitly any central CA.
Remember that until fairly recently, strong encryption was subject to export
controls. The need to secure electronic transactions online was probably a
driving factor in removing most of these controls, as far as SSL is
concerned at least. What was the payback? Centrally-run trust brokers.
I can't see how any centrally-managed trust broker can be trusted if
considering the kind of state interference seen in countries like Egypt, but
I'm not worried about my eBank.
The likes of Facebook, Twitter and LinkedIn bring trust in content back to
social groupings. Truth has been seen to travel fast and mistruth quenched
(e.g. false rumours that Vince Cable had resigned in the wake of the
Murdoch/Sky kerfuffle - at first streams were full of the rumour but very
very quickly questions about sources started flying around and the false
rumour was quenched).
I wonder if a social mesh can ever offer a distributed trust authority, and
whether there could be a mechanism whereby members of the social mesh can
work together to maintain trust (or revoke when trust is compromised).
James Firth