Epistemology of Cyberspace

Much of what I say here is said better in the SDSI and SPKI documentation noted below. The difference in this note is to entirely de-emphasize the who of certificates and concentrate on attributes of the corresponding private key holder.

Prior to epistemology is ontology—“What is there?”. Regarding Public Key Infrastructures which are now struggling to be defined, there is an assumption of a clearly defined ontology and that the problem is merely to provide a trustworthy map between names of real world agencies and public keys. I question that assumption. Does “General Electric” denote that company that began in upstate New York to build light bulbs, or perhaps that company in England that started about the same time? Does “National Reconnaissance Office” denote anything at all? Must I recognize the face of a person that I do business with over the Internet? I like much of the mechanism provided by PGP to manage keys but the key singing parties seem not to address the above issues.

I propose a slightly transformed problem, in place of PKI proposals such as x.509, I would like a form of certificate in the form of a recommendation. It might appear as:

I recommend Public Key 37E8...49 at route as a reliable Movie reviewer. Signed

or
The shrink with public key ... respects privacy in his professional work and has resisted attempts to breach such trust. Signed His email address is ... and he calls himself Shapley Mordgrove.
Note that the name portion is not signed. What is important is that the person who holds the corresponding private key respects privacy. The important link is between professional integrity and the public key. The real name of the shrink is of less importance and may be wrong without impacting the value of the signed portion.

or

If Public Key 37E8...49 says something is a mathematical proof then I believe that it is too. Signed

or even:

I believe that the PGP code with SHA hash = 37B2 ... A6 performs as advertised in the doc whose hash is ... . Signed

or ultimately:
I believe the Riemann hypothesis. Signed

None of the above are “speech acts” per se. Here is a speech act. This is a translation into English (as above) of a SPKI cert as explained to me by Bill Frantz:
Whatever I (PK₁) can do with authorizations signed by public key (PK₂) joe (PK₃) should be able to do as well. Signed with PK₁
Pete holds SK₂. Now if Pete should come across this signed message (most likely because I sent it to joe who forwarded it to Pete) then Pete will obey messages singed by SK₂ just as he would if it were signed by SK₁. Note that this style of message can be interpreted by a dumb computer program. Note that “Joe”, “Pete” and “I” are not distinguished names—they are mere expository crutches in this note. Only public keys inhabit the SPKI cert.

With a somewhat smarter program PK₁ can further restrict the authorities being delegated. The SPKI format allows for a shorter validity period, and there is meta-data which could be used to add, for example, a read-only attribute. So even more accurately:
Of whatever I (PK₁) can do with the authorizations signed by public key (PK₂) joe (PK₃) should be able to do this subset: [....] Signed with PK₁.

SDSI and SPKI concentrate on formats of certificates and this is necessary. My purpose here is more philosophical. Trust is currently a mainly psychological phenomenon. The certificates I describe can be issued directly by those with direct knowledge of character. They are thus more honestly formed and thus more useful to those who consult them. We have evolved elaborate mechanisms for establishing trust. If we are to delegate some of this function to computers we will have to worry about certificate formats. For most of the applications currently proposed for certs human perusal will suffice. I am not impressed with browsers schemes that conflate all trusted servers.

Here are some more of my notes on Identity and a Nexus on Belief. My encrypted e-mail desiderata

Some related links: