[nsp-sec] Circle of trust [was: Vetting: Wang Hua]

[Nick Hilliard]

On 28/01/2010 18:03, Patrick W. Gilmore wrote:
> I will take that as "I cannot vouch for the person Wang Hua, but would
> like another CT person here and Wang's position sounds right".

While I agree with this position, we have a trust chain continuity problem
here, possibly due to cultural issues between asia and the us/europe.
Somehow or another as a global security mailing list, we're going to have
to figure out some way of dealing with this.

On the one hand, it would appear that there is a desire on the part of CT
to get involved with global internet security issues - and this is
important because it affects us just as much as it affects China Telecom.
In fact, I would suggest that getting CT on board in some fashion is
critically important, given the level of network abuse emanating from China
and other east asian countries.

On the other hand, we need to acknowledge explicitly that there is
considerable distrust between the incumbent cultural values on this list
(let's pigeon-hole them as primarily "western", although I dislike the
limitations of that term) and other cultures in the world where there are
tangible points of serious disagreement (a prime example being content
blocking based on political influence - and let's overlook Steven Conroy's
civil rights bulldozing campaign here for a moment).

Somewhat orthogonal to this problem is the fact that circles of trust do
not scale.  We can argue all day about this, but the truth is that as a web
of trust grows, the trustworthiness of that web does not scale in a linear
fashion.

IOW, folks: we have an existential crisis on our hands.  Well, maybe not
that dramatic, but there are a bunch of issues here which won't go away if
we ignore them really hard.

Nick