Share this page!

Steve Wilson Profile picture
Twitter logo
5 Feb, 10 tweets, 5 min read
A rant about #trust following the terrific discussions at #IDPolicyForum yesterday and today.
#digitalidentity
THREAD ...
1/9 "Trust" of course is talked of everywhere. In #IDPolicyForum, a speaker bounced around from cryptographic trust, hardware roots of trust, and an anecdote about trusting the conference organiser because they were introduced by a mutual friend.
2/9 The trouble with this discourse and widespread use of the label is that it over-states what cryptographic "trust" is all about. It inflates lay peoples’ expectations of what #digitalidentity technology delivers.
3/9 The so-called "trust Anchors" or "Roots of Trust" DO NOT ENABLE ANYONE TO TRUST ANYONE ELSE in the regular sense of the word (pardon my shouting).
4/9 Cryptographic "trust" is a cut-and-dried verification that a given digital signature chains back to a reliable master key, and that the assertions bound to signatures along the chain can be reliably attributed to issuers. It's very dry.
5/9 So a chain of cryptographic verifications can mean that the digital signature on a prescription can be taken to be that of a board-certified physician, and in turn, the board could be taken to be an accredited professional body (depending on how the #PKI is set up).
6/9 None of that means the pharmacist filling a prescription "trusts" the doctor. That is immaterial. It is not the job of the pharmacist to trust the doctor, or know the doctor in any way, but instead to check the legitimacy of forms and check some things about the patient.
7/9 That example is based on a discussion of digital certificates and issuers here: papers.ssrn.com/sol3/papers.cf….

#PKI certificate chains aren’t about trust; they’re much better than that!
8/9 So I wish we wouldn’t use the label in initiatives like “Trust Frameworks” or “Trust over IP”. Some say the language is to ‘communicate’ to non-technical users, but let's take more care using emotions as metaphors for highly technical properties. #TDIF #PCTF #IDPolicyForum
9/9 "Trust over IP" #ToIP is such a misnomer. It just doesn’t do what it says on the box. @trustoverip #IDPolicyForum

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Steve Wilson

Steve Wilson Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Steve_Lockstep

Steve Wilson Profile picture
5 Feb
'What should Biden do in #DigitalIdentity?' panel, @RossNodurft carefully draws a distinction between [the prospect of a] "National ID" versus a "national approach to digital identity". Hear hear!! #IDPolicyForum
In Australia, any mention of national approaches to digital identity as national infrastructure sadly gets bogged down in the spectre of a dreaded National ID. #IDPolicyForum
MyPOV: One way to position a national *approach* without scaring people with a national ID is to remember how retail banking is standardised. All bank cards work in an identical fashion but each is different. There is no single bank account. #IDPolicyForum
Read 8 tweets
Steve Wilson Profile picture
4 Feb
Up next @RepBillFoster of the #FosterBill #IDIA2020 and his optimism for congress to make policy progress on #digitalidentity for American citizens. #IDPolicyForum
'90% of Americans have access to smartphones' -- @RepBillFoster #IDpolicyforum #digitalidentity #infostructure
Congress now overwhelmingly supports a national unique health identitifer (or at least overturning the ban on a health ID). Dealing with the opioid crisis is a driver. @RepBillFoster #IDpolicyforum
Read 4 tweets
Steve Wilson Profile picture
29 Mar 20
@rohitprabhakar @rwang0 @fxrseen @drsubirsaha @neeraj @vfiorese_ @roxanasoi @hessiejones @AlaricAloor @sarbjeetjohal @MiaD @jrhunt @defcon_5 Thanks Ray for the recommendation. I'm not sure where to begin except to say I don't have special insights into public trust. I tend to agree there seem to be stereotypical differences between countries in the public's trust in government versus trust in business. -/2
@rohitprabhakar @rwang0 @fxrseen @drsubirsaha @neeraj @vfiorese_ @roxanasoi @hessiejones @AlaricAloor @sarbjeetjohal @MiaD @jrhunt @defcon_5 2/n: So the cliche goes that Americans distrust government but have faith in the invisible hand of the markets, and so they "trust" businesses more (shudder quotes are deliberate when we're talking in such broad generalizations). -/3
@rohitprabhakar @rwang0 @fxrseen @drsubirsaha @neeraj @vfiorese_ @roxanasoi @hessiejones @AlaricAloor @sarbjeetjohal @MiaD @jrhunt @defcon_5 3/n: Conversely continental Europeans stereotypically tend to trust governments more than business (and so when Iceland wanted to DNA-test the entire population for research purposes, compliance was pretty high; citizens trusted in the outcomes, and trusted in due care). -/4
Read 15 tweets
Steve Wilson Profile picture
16 Jul 19
@Jo_Plays @bhaines0 @IdentityHutch @WomeninID @dgwbirch @windley @IdentityWoman @Libra_ What makes digital identity (call it "ID" here) so hard?

1. There's a always been this strong drive to make ID reusable, to reduce on-boarding friction, reduce accounts & passwords, save cost, even make money. -/2
@Jo_Plays @bhaines0 @IdentityHutch @WomeninID @dgwbirch @windley @IdentityWoman @Libra_ 2. Most ID initiatives (especially Federated Identity) are based on something of a false intuition. We look in our purses and see dozens of identities that all seem the same. -/3

[I'm dropping all @'s now to avoid annoying people]
3. I have dozens of cards and accounts all labeled "Steve Wilson" and it seems redundant. Can't I boil them down to one? No, they're really not the same identity. Each is a different relationship. -/4
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @Steve_Lockstep has new unrolls!

Check out other threads from @Steve_Lockstep!

Read all threads by @Steve_Lockstep