Who do you trust?

Yesterday's item on digital IDs and spam drew mixed responses.

Wes Felter:

Then the spammers will just get certificates. Wait, let me guess: The CAs will revoke certificates if anyone complains, ending in mutually assured identity destruction. No thanks. [ Hack the Planet]

Spammers operate in the shadows. To identify themselves is to risk being held accountable.

One way or another, we're in for a privacy/identity arms race. Managing cert revocation in any practical way will be a huge challenge, for sure. It might also be a huge business opportunity. The mathematics of n-way whitelisting just won't work. There will have to be some way to invest third parties with the power to mediate trust.

Howard Greenstein:

I wish more people had digital sigs and that we could filter as [Jon] suggests. Is there a way to make this an easier process? I had to go to Thawte's site, get forms, have them signed by a bank manager and a lawyer who asserted my identity (which was easier than finding others in their 'Web of Trust'). Web of Trust is an interesting concept but it involves you trusting copies of your identity to a complete stranger instead of a banker/lawyer you deal with regularly. [ Howard Greenstein]

This was of course a major topic of discussion at the recent digital identity conference. State government is one leading candidate, banks are another.

Former URL: http://weblog.infoworld.com/udell/2002/11/21.html#a513