[cap-talk] Firefox breaks the principle of identifiability

[David Wagner]

Marc Stiegler writes:
>This is very much the stance for E objects, of course, which can work
>effectively in a lot more contexts than they are currently being used :-)
>While not a complete world view, it sure would be nice to see how far we can
>drive with this model before surrendering :-)

I understand.  This stance is great for reasoning about programs,
because programs have well-defined semantics.  My concern is with
applying it to reasoning about protocols intended for use by humans.
Humans don't have a well-defined semantics.  A defect we're stuck
with. :-)

>We agree that the crypto-purist worldview is incomplete. However, an entity
>like Verisign is neither necessary nor even really helpful. A name like Coke
>has meaning, not because it was blessed by Verisign, but rather because a
>majority of people mean the same thing when they say it. Algorithms like the
>Google algorithms (and the clever algorithms Rick Rashid's folks have
>developed for Microsoft) are far better at establishing common views of
>terminology than anything like Verisign could ever hope to achieve. These
>algorithms are better because they follow the evolution of human meanings.

That does sound like a promising angle.  It involves the human in 
determining which answers "look plausible".  It can still be fooled,
I'm sure (witness the trade in "search engine optimization"), but if
we accept that we are looking for something that mostly works as opposed
to perfection, this sounds promising.

But, just to inject one note of caution into my enthusiasm:
There is a difference between an approach that involves always asking
Google and trusting them to perform these computations correctly (this
comes awfully close to being equivalent to Verisign, just with a different
name), as opposed to everyone performing those algorithms for themselves.
The latter is clearly better from a security point of view.  It will be
interesting to see whether it is tractable, though.