Author Topic: Comodo (Melih) Manifesto - Why I am doing what I am doing!  (Read 36474 times)

Offline captainsticks

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11159
    • Comodo Help
Re: Comodo (Melih) Manifesto - Why I am doing what I am doing!
« Reply #15 on: August 16, 2013, 11:15:06 PM »
Thanks for the answer captainsticks
You are welcome. :)

Offline ubuysa

  • Comodo's Hero
  • *****
  • Posts: 376
Re: Comodo (Melih) Manifesto - Why I am doing what I am doing!
« Reply #16 on: December 04, 2016, 04:18:35 AM »
Melih,

A very noble manifesto, though the Internet is not unique in being 'untrustworthy', there are any number of printed books published by cranks and people with an 'axe to grind'!

I do think however, that there is a distinction between 'security' and 'trust'. CIS is an awesome product and one (possibly the only one) that provides real 'default deny' security, and I am frankly in awe of you and Comodo for making it available for free. Thank you.

But 'trust' is something entirely different. Yes, we have to trust that CIS really does provide the security you claim, few of us are technically savvy enough to know for sure that it does. For the record, I trust that it does, it's never let me down yet anyway.

Creating 'trust online' is a very different kettle of fish however. Security can be imposed but trust has to be earned. TLS and certificate pairs are based on trust of course but we still see occasional examples where this trust has been compromised (even Dell are not immune to these things: http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate) so who do we trust?

I'm reminded of the fable of the marauding cat that was terrorising a group of mice. One mouse came up with a plan to place a bell around the cat's neck so they could hear it coming. All the mice applauded this brilliant solution, until one of them asked "who will bell the cat?"...

Creating trust online is a very noble aim but I fear it's fraught with difficulties. I trust Comodo for example, because you have earned my trust, but that does not necessarily mean that I also trust everyone that Comodo trusts, and certainly not everyone that those trusted by Comodo trust. So 'who will bell the cat?'

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14499
    • Video Blog
Re: Comodo (Melih) Manifesto - Why I am doing what I am doing!
« Reply #17 on: December 04, 2016, 12:10:24 PM »
Ubuysa,

You are touching on some very important aspects indeed.

Trust is most definitely and "earned" notion. There is no transaction or interaction without trust. Sometime when you are involved in that interaction you may choose to "inherit" trust from some other entity sometimes you don't. Once there is a healthy ecosystem, we can enable end users to enjoy the ability to "risk manage" by either establishing trust or inheriting trust.

But....and a big BUT......unless there is that secure/safe ecosystem users can't even start to do risk management....because nothing can be trusted!

If we can achieve an eco system....a platform where "Trust" can be a currency...if we can arm end users in a safe ecosystem with the ability to make decisions about who/what to trust (either by building/establishing/earning or inheriting) then I believe we have achieved an important step in the evolution of Internet.

Melih

Offline ubuysa

  • Comodo's Hero
  • *****
  • Posts: 376
Re: Comodo (Melih) Manifesto - Why I am doing what I am doing!
« Reply #18 on: December 05, 2016, 03:24:16 AM »
Ubuysa,

You are touching on some very important aspects indeed.

Trust is most definitely and "earned" notion. There is no transaction or interaction without trust. Sometime when you are involved in that interaction you may choose to "inherit" trust from some other entity sometimes you don't. Once there is a healthy ecosystem, we can enable end users to enjoy the ability to "risk manage" by either establishing trust or inheriting trust.

But....and a big BUT......unless there is that secure/safe ecosystem users can't even start to do risk management....because nothing can be trusted!

If we can achieve an eco system....a platform where "Trust" can be a currency...if we can arm end users in a safe ecosystem with the ability to make decisions about who/what to trust (either by building/establishing/earning or inheriting) then I believe we have achieved an important step in the evolution of Internet.

Melih

Melih,

And I'd agree with you that establishing 'trust' as a currency would be an extremely valuable and important step, but how to do that? You can't impose trust and trust means different things to different people; for example, my neighbour and I have different attitudes to trust. I trust people until they give me a reason not to, he trusts nobody until they have proved themselves. How do you introduce trust as a currency given those diverse attitudes?

And if, as I'm sure you intend, and as we would all hope, Comodo becomes a leader in establishing trust as a currency then won't commercial interests then come into play? Other companies may not want to see Comodo as the leader in creating trust, not because of technical or operational reasons but because of pure business ones? We've seen this so many times in the past where more advance systems that are better for the consumer are crushed by commercial might (Betamax and VHS springs to mind).

Would you be in favour of industry-wide cooperation on establishing 'trust as a currency', along the lines of the UEFI standards for example? I would have thought that this would be the only sensible way forward, would you agree?

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek