Prior to epistemology is ontology—“What is there?”. Regarding Public Key Infrastructures which are now struggling to be defined, there is an assumption of a clearly defined ontology and that the problem is merely to provide a trustworthy map between names of real world agencies and public keys. I question that assumption. Does “General Electric” denote that company that began in upstate New York to build light bulbs, or perhaps that company in England that started about the same time? Does “National Reconnaissance Office” denote anything at all? Must I recognize the face of a person that I do business with over the Internet? I like much of the mechanism provided by PGP to manage keys but the key singing parties seem not to address the above issues.
I propose a slightly transformed problem, in place of PKI proposals such as x.509, I would like a form of certificate in the form of a recommendation. It might appear as:
|I recommend Public Key 37E8...49 at route as a reliable Movie reviewer. Signed|
|The shrink with public key ... respects privacy in his professional work and has resisted attempts to breach such trust. Signed||His email address is ... and he calls himself Shapley Mordgrove.|
|If Public Key 37E8...49 says something is a mathematical proof then I believe that it is too. Signed|
|I believe that the PGP code with SHA hash = 37B2 ... A6 performs as advertised in the doc whose hash is ... . Signed|
|I believe the Riemann hypothesis. Signed|
None of the above are “speech acts” per se. Here is a speech act. This is a translation into English (as above) of a SPKI cert as explained to me by Bill Frantz:
|Whatever I (PK1) can do with authorizations signed by public key (PK2) joe (PK3) should be able to do as well. Signed with PK1|
With a somewhat smarter program PK1 can further restrict the authorities being delegated. The SPKI format allows for a shorter validity period, and there is meta-data which could be used to add, for example, a read-only attribute. So even more accurately:
|Of whatever I (PK1) can do with the authorizations signed by public key (PK2) joe (PK3) should be able to do this subset: [....] Signed with PK1.|
SDSI and SPKI concentrate on formats of certificates and this is necessary. My purpose here is more philosophical. Trust is currently a mainly psychological phenomenon. The certificates I describe can be issued directly by those with direct knowledge of character. They are thus more honestly formed and thus more useful to those who consult them. We have evolved elaborate mechanisms for establishing trust. If we are to delegate some of this function to computers we will have to worry about certificate formats. For most of the applications currently proposed for certs human perusal will suffice. I am not impressed with browsers schemes that conflate all trusted servers.
Here are some more of my notes on Identity and a Nexus on Belief. My encrypted e-mail desiderata
Some related links: