[nsp-sec] Circle of trust [was: Vetting: Wang Hua]

Patrick W. Gilmore patrick at akamai.com
Thu Jan 28 15:51:43 EST 2010 

On Jan 28, 2010, at 3:35 PM, Nick Hilliard wrote:
> On 28/01/2010 18:03, Patrick W. Gilmore wrote:
>> I will take that as "I cannot vouch for the person Wang Hua, but would
>> like another CT person here and Wang's position sounds right".
> 
> While I agree with this position, we have a trust chain continuity problem
> here, possibly due to cultural issues between asia and the us/europe.
> Somehow or another as a global security mailing list, we're going to have
> to figure out some way of dealing with this.
> 
> On the one hand, it would appear that there is a desire on the part of CT
> to get involved with global internet security issues - and this is
> important because it affects us just as much as it affects China Telecom.
> In fact, I would suggest that getting CT on board in some fashion is
> critically important, given the level of network abuse emanating from China
> and other east asian countries.
> 
> On the other hand, we need to acknowledge explicitly that there is
> considerable distrust between the incumbent cultural values on this list
> (let's pigeon-hole them as primarily "western", although I dislike the
> limitations of that term) and other cultures in the world where there are
> tangible points of serious disagreement (a prime example being content
> blocking based on political influence - and let's overlook Steven Conroy's
> civil rights bulldozing campaign here for a moment).

This is not a new issue.  But paramount should be the security of the list.  We made a conscious decision a long time ago to exclude possibly useful members to ensure trust rather than allow in possibly untrustworthy members to ensure reach.

Are you arguing against that?


> Somewhat orthogonal to this problem is the fact that circles of trust do
> not scale.  We can argue all day about this, but the truth is that as a web
> of trust grows, the trustworthiness of that web does not scale in a linear
> fashion.
> 
> IOW, folks: we have an existential crisis on our hands.  Well, maybe not
> that dramatic, but there are a bunch of issues here which won't go away if
> we ignore them really hard.

We have no crisis since we considered this and decided on a course of action already.

If CT, or anyone else, wants to be part of the community, there are many ways they can help and earn trust -before- joining NSP-SEC.

-- 
TTFN,
patrick

More information about the nsp-security mailing list