p2ptrustorg banner

home : about : p2p : security : technology : trust


Some more thoughts

I've spent some more time reading recently, and I'm more and more convinced that trust really is a big issue for us. There are some good signs, and some bad signs. One of the good signs is that economists have some models for how to deal with uncertainty and lack of data - a bad sign is that political economists generally seem to reckon that there's no such thing as trust. Looks like we'll need to spend some time convincing.

Ross Anderson's latest book "Security Engineering: A Guide to Building Dependable Distributed Systems" was an eye opener. Not that a huge amount of it was directly relevant, but significant parts of it were. Threshold signatures look like they're likely to be a key technology to support trust within distributed systems. I'm also going to have to think more widely about the psychological and ethnographic drivers towards trust, as well as the sociological issues around it. I go through periods of feeling that a truly decentralised system is impossible to wondering whether it is after all. The law of tort - "the parties who are most able to manage the blame should shoulder the costs of it" is a brief synopsis of how Anderson summarises it, but I really need to look into this (good thing my father's a lawyer, yes?) - may give some leads here, I hope.

Another positive is that I'm becoming more convinced that we already have a number of semi-decentralised models for trust, including academic faculties, guilds and clans. I expect this to be a major area of research. I have the feeling that I'm going to need to think about brands as receptacle for trust, and how new thinking on the status of the brand will influence how we treat the issue of trust. I also attended part of a talk by Ian Angell the other, and his views on reintermediation, though a little right-wing for my tastes, may also offer some opportunities for exploring how we place trust in agents.

In the end, users are neither knowledgeable enough to express how they want to trust, or how (can anyone be knowledgeable enough in more than one or two contexts?), so how can a system provide enough opportunities for people to transfer their trust to it to make it usable? Will this always be done through brand? Is reputation different to brand, and if so, how? (The answer to the question of difference is probably "yes", but the answer to the how is a little more difficult!).

This is just a place-holder to allow me to air some of the issues that I think need research - any responses to them are much appreciated.


home : about : p2p : security : technology : trust


Mike Bursell - mike@p2ptrust.org