
Re: Series of minor questions about OpenPGP 4




On 1/2/09 21:55, Daniel Kahn Gillmor wrote:

> Hrm, thinking about this now, i'm not sure why it would necessarily need
> to be machine-readable.  I think i was thinking that there would be ways
> to mechanize your interpretations of various signatures based on the
> policy decisions.
>
> This would require some good work sorting out common policies that could
> then be referred to by URL, sort of like how Creative Commons has sorted
> out some common licensing arrangements which can be identified by URL:
>
>   http://creativecommons.org/licenses/by-sa/3.0
>
> uniquely identifies a well-known license, and people are building tools
> to automatically assemble indexes of content that's been licensed that way.


Yes, that works because the tech supports the document, which is primary, and the rest is secondary.

However if you look at it from the OpenPGP context, the tech now has to support more things; a signature, a document and a "CPS" or statement of legal semantics. This starts to get complex. For example, if a signature over a document has a complicated meaning, dependent on a CPS, and the CPS disappears from view after a few years, the tech will have trouble explaining it to the reader.

For a view of how this was addressed in machine-readable financial contracts, have a look at the Ricardian Contract. It basically re-combined the three elements back into one document. Any "CPS" was within the document or left unsaid, as were all the keys, and the clear-text OpenPGP signature was used. We called this the rule of one document.


> If a group did the same type of work for certification policies that CC
> has done in regard to content licensing, then you could begin to build
> similar sorts of tools to interpret human-centered policy preferences
> through the web of trust.
>
> This is a more ambitious project, though, and you're right to question
> the need for every policy to be machine-interpretable.


It's also about other disciplines, so one should be careful to bring in the elements of those disciplines that can be trusted to understand and help the project. One of the reasons CC succeeds is that it was done by lawyers from universities copying a thing called open source. One of the reasons CPSs "failed" or turned out to do something other than what "we expected" was that they weren't done that way.


iang