[cap-talk] Questions about Zooko's triangle
Karp, Alan H
alan.karp at hp.com
Thu Feb 10 15:06:39 PST 2011
David Barbour wrote:
> (1) I agree that Zooko's use of 'decentralized' is more appropriate.
> Anyhow, the essence seems to be: "two peers can use this system to
> interoperate with each other" - i.e. I can share a name with you, and
> you can use the name to interact with me in some meaningful way (e.g.
> refer to the same value). The name needs to have some common
> semantics, though unum patterns and redundancy do muddy the issue.
To my mind, that's a description of a nickname that the peers agree to use.
> (2) 'Names' are never part of the object, they're only ever part of a
> system - by definition, an assigned relationship. Nicknames are
> assigned by an entity to a global system (so can be memorable), and
> keys are assigned by a global system to an entity (so can be unique).
> Petnames are assigned from one entity to another - the 'map' is local
> to each entity (which is why they aren't on the 'global' axis).
As with MarkM's response, you've answered a deeper question than I asked. A nickname is Global and Memorable. A key is Global and Securely Unique. A petname is a mapping between something that is Memorable and something else that is Securely Unique. I'm looking for a more parallel construction.
> (3) There are two problems. First, HTTP names (and by extension HTTPS
> that https://mail.google.com means something different to you than it
> does to me, and thus peers cannot consistently use the naming system
> to interoperate. Second, I might not trust the same people you trust.
> IIRC, a middle-man can intercept and redirect an HTTPS site so long as
> the middle-man has support of *any* trusted CA (because users never
> validate which CA provides a cert for a specific site!). So the only
> property HTTPS naming really provides is 'memorable'.
Cookies and connection protocols, and probably proxies and firewalls, are additions to the HTTPS name system. The question I anticipate getting is will consider only the base system. I'm planning to answer with another question. Do you really think you can trust all the CAs accepted by your browser? That's sort of a cop out, but it will get me past the question.
I like the comment about not trusting the CAs that I trust, but I don't think I'll use it in my response. In a theoretical sense, it simply limits the set of thing I can securely name when I'm talking to you. In a practical sense, it doesn't matter because everyone trusts Verisign.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk