On Mon, Apr 30, 2012 at 2:24 PM, Henry Story <henry.story@bblfish.net> wrote:
> On 30 Apr 2012, at 19:31, Nico Williams wrote:
>> In the on-line world some of these questions are more interesting, but
>> only because trust is harder to establish.  And anyways, we don't get
>> answers to these questions on-line, not most users anyways.  The trick
>> is to get domain names to reflect the same things that brick and
>> mortar sites do.
>
> yes, but a domain name can be reached by clicking a page that is not
> behind https, and so a man in the middle attack could have changed
> the originating link, even if it came from a trusted source. Also
> [...]

That problem doesn't go away.  We can't just use HTTPS (no matter how
much some people insist that we should only use HTTPS).  DNSSEC
wouldn't help either since usign HTTP (no S) means that there can
always be an MITM in TCP.  The only solution here is to train users to
know when to insist on HTTPS, and the UIs really have to not suck (as
long as we allow HTTP_no_S for some things this will be a problem).

>> No matter what we're still talking about how to establish trust.
>> That's the hard part.  How do I trust that such and such corporation
>> owns some website?  I have to know who is making that statement, and
>> for that I must authenticate them, and I've to decide if they can make
>> that statement authoritatively, and whether I trust them (even if I
>> can authenticate them).
>
> yes. All businesses tend to be registered somewhere: be it either with the
> local authority, or with some tax office, or with the stock exchange,...

I'm not sure that's true.  In the U.S. in some/many?/most? states it's
possible to start a sole proprietorship without having to first
register anywhere -- sure, these are going to be small businesses, and
they will eventually have to pay taxes and therefore register, but
even then, there's too many governments you'd have to go check to find
out about random companies, at least in the U.S.  Who's going to do
it?  I can't think of a random web customer caring to check the tax
records of a sole proprietorship or corporation, or caring to know
immediately that someone else has checked.

>> Assuming the TLS server PKI works then you're right, this is simple to
>> add as a *protocol*.  Though you'd still need to get someone to do the
>> vouching: it won't be governments, since there are some many ones that
>> are authoritative at some level that users could not really authorize
>> them to make these statements, so it has to be some commercial
>> operation, or a national-level agency.
>
> yes.
>
>> That sounds so difficult to pull off, and likely to provide so little
>> value that I don't think it can happen.
>
> I think the value is quite big in fact, and it would not be that difficult
> to do technically. Getting all of these institutions to coordinate would
> be more difficult to do I agree, and one would have to start somewhere where
> the value and the will is there: perhaps the stock exchanges or banks.

Again, protocol-wise: trivial, but business-wise: very much
non-trivial.  "Not that difficult to do technically" is not enough,
and you do have to be careful what you mean by "technically", because
to me this is "technically" quite difficult when we include anything
other than "protocol details" in "technically".

>> But on a smaller scale it could happen, and, indeed, it does already.
>> What I have in mind is federations of like companies.  Sites like
>> Amazon, eBay, and Yahoo! already have, effectively, federations of
>> vendors.  I'd like to see a federation of banks.
>
> Yes. That's the example I used. In Switzerland it was suggested that
> companies such as Swatch that have a lot of resellers that are always
> changing might also have a need for something like this. This is why
> I think that attacking this from both the social networking side and the
> more formal institutional side is useful. The institutional side helps
> people see how trust can work in a distributed manner - it always has.
> It is just that we tend to think of governments as central agencies,
> whereas in reality they are distributed: each state is a peer in the social
> network of states.

Governments are too distributed to help with this problem, unless we
could get all these governments (or at least the ones that matter, or
enough that the ones that do can be the ones that end up mattering) to
have all these databases online.  That's a political problem.
Political processes can be very slow -- much slower than IETF
processes.  Watch out.  My conception of federations sidesteps that
problem.  And as I said: it's already happening on some scale.

With respect to banks... the business model there looks significantly
different than Amazon's/eBay's/Yahoo!'s -- the latter act as a
directory/middleman to the vendors, while there should be no middleman
when it comes to banking, and people do not purchase banking
products/services from random banks as often as they do trinkets from
random vendors, which limits the usefulness of a directory of banks.
So I'm not sure what we can do there.

Basically I'm skeptical.  For my money the certificate transparency
proposal is our best bet in the short-term.  Longer-term, if there's
any way to bring user authentication mechanisms that can do mutual
authentication into the web, then that will help enormously when it
comes to banking, but I think there's a lot of barriers to improving
user authentication on the web.  We'll see.  (That reminds me, I
should write something up for HTTPbis.)

Nico
--