[2446] in cryptography@c2.net mail archive
Re: "ABA" beomes root CA for financial services industry
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Sat Apr 4 17:58:49 1998
In-Reply-To: <s524cde7.084@novell.com>
Date: Fri, 3 Apr 1998 20:57:36 -0500
To: DIGSIG@LISTSERV.TEMPLE.EDU, cryptography@c2.net, dbs@philodox.com,
dcsb@ai.mit.edu
From: Robert Hettinga <rah@shipwright.com>
Cc: Bob Jueneman <BJUENEMAN@NOVELL.COM>
At 1:53 PM -0500 on 4/3/98, Bob Jueneman <BJUENEMAN@NOVELL.COM> wrote:
> With due respect, I submit that Robert Hettinga has missed a very major
>point,
<snip>
Bob, you don't get it, do you? It's *all* finance, and claims to the
contrary, claims about "certification authorities" not being financial
entities, about them not bearing financial risk, are even more, um,
missing, than, well, assertions that Moore's Law causes centralized
resources and economies of scale in information processing.
Asserting *anything* of value, much less the validity of an "identity",
(whatever *that* is on a network where direct physical sanction will be
costly enough to be impossible), is a *financial* risk, Bob. And so, if
you're a "certification authority" you should be *renting* your reputation
anytime you have to back someone else up on some assertion *they've* made.
If you don't get paid for it, you're going to be out of business sometime
soon. It's nothing personal, of course, it's just business. Simple
arbitrage. Buy low (apparently free, or at least not efficiently priced),
sell high, and all that.
The higher the value associated with some fact you're helping someone
assert, the more any customer of your so-called "certification authority"
is going to have to pay you to have that assertion validated. In other
words, a "certification authority" is nothing but an insurance provider, a
bookie in all but name, with a nod to Mr. Heinlein. ;-).
Like any bookie, a "certification authority" is just another financial
intermediary, with the holder of the assertion purchasing a hedge from the
"certification authority", betting against the purchaser's own reputation
decline. Buying a put option from the "authority" on the assertion they're
having it make on their behalf. Whatever.
Finally, all financial intermediation is like that. A financial
intermediary puts capital at risk, even if none of it is explicitly used,
like with say, a seller of equity or debt. By doing so, an intermediary
rents its reputation to a specific transaction or to the transactions of a
given economic entity.
Which, at long last, :-), brings us to my claim (actually, it's Peter
Huber's, go take it up with him if you like) that Moore's law creates
geodesic networks. Actually, *my* claim is that geodesic networks give you
geodesic markets, where smaller financial intermediaries operate with
virtually the same efficacy as larger ones, lowering the barriers to entry,
and thus driving large players out of business.
I'll give you an example of the effect of Moore's Law on the capital
markets. Everyone in the financial markets call it disintermediation,
though you'll see why I'd call it "microintermediation" in a minute.
Right now, I can pick up a phone (do they have a web page?) and I can buy
"shares" in the S&P 500 directly from Vanguard, who's a direct market
participant, at rediculously lower transaction costs than I can if I bought
the shares myself from any broker. That's classic financial
"disintermediation".
50 years ago, I would have had to go up a very large aggregative
transaction execution hierarchy to effect that transaction. One salesman
buying from another in larger and larger lots until stock was sold in large
blocks at a central exchange, then one salesman selling to another in
smaller and smaller lots until my shares got to me. Now that I think about
it, 50 years ago, there wasn't any way to *calculate* an S&P500 price in
anything approaching real-time (you can do the Dow 30 industrials with a
pencil, if you don't mind a non-adjusted average, which was why the Dow
became popular). Heck, if I remember my financial history right, there
wasn't even an S&P500 50 years ago, because they didn't have computers to
do the random walk work yet. Moore's Law. :-).
[Speaking of random walks, and as a purely financial aside, the number of
so-called "actively" managed funds beating the S&P 500 is rediculously low,
which is why I'm buying that S&P500 fund to begin with.]
The problem is, I can't go any closer to the market than Vanguard, because
our transaction *clearing* methods are still hierarchical and centralized,
and work just like the old hierarchical execution chain did. That is, all
the New York Stock Exchange stocks (and I think all the S&P500 stocks are
NYSE traded), have to clear in a single computer (okay, in honor of Novell,
maybe a Novell LAN) at the Depository Trust Company in New York. I can't
remember if the NASDAQ stocks clear the same way, but it wouldn't surprise
me if they did.
So, if there was any way to avoid the bottlenecks of our industrial
transaction settlement hierararchies, with all those economies of scale you
like to point to, Bob, then we wouldn't even need to go to Vanguard to get
to the market at all, much less Fidelity, or Merrill, or Chase, or J.P.
Morgan & Co., to keep winding financial history backward. We could
completely bypass those large financial intermediaries, the ones which
depend on hierarchical transaction settlement for their economies of scale.
And, I claim, that's all coming. Moore's Law on a ubiquitous internet makes
it inevitable. This discussion group's work makes it all inevitable,
frankly, because you're all trying to effect, believe it or not, geodesic
transaction clearing.
So, once transaction clearing becomes a fungible commodity, in an
environment of exponentiating diseconomies of scale (like what happens to,
say, processing power on a ubiquitous internetwork, yes, Bob? :-)), then
it's much more efficient, and cheaper, to get your transaction cleared from
the first available small transaction processor of a given reputation than
it would be to wait for the larger, more expensive one to be free.
You, of all people, Bob, should know that lots of little microprocessors
kill single big macroprocessors. That's what client-server, Novell's raison
d'etre, was all about, yes? The fact that the internet, the mother of all
geodesic networks, operates on even more diseconomies of scale and is why
Novell's rasion ain't so etre anymore, I'll leave alone for the time
being... ;-).
Now we see that reputation, "trust" if you want, will be fungible. It'll be
graded and *sold* (rented, whatever) like any other fungible commodity.
Reputation is, after all, just information, and, like information in any
geodesic network, it'll be broken up and sold in fractally smaller and
smaller bits as Moore's Law progresses.
So, no, Bob, "trust" won't be given away in a hierarchical fashion by
"certification authorities".
Okay, having gotten you to read *this* far, :-), I'll make yet one more
tangental, outlandish claim. That is, as you start to break book-entry
transactions down into smaller and smaller bits, done on more and more
financial intermediaries, clearing nearer and nearer to realtime, you are
enevitably driven to, yes, I'm gonna say it folks, digital bearer
settlement. Why? Because it's more secure (stronger cryptography), it's
cheaper (which remains to be seen, but it's fun out here on this limb),
and, finally, it's faster. Can't get more instant than instant settlement,
yes? That means, if you don't have book-entries, you don't need biometric
identity, audit trails, and, dare I say it, criminal law to backstop, um,
mistaken, book-entry transactions. Curioser and curiouser, the world gets,
eh?
Rounding the stretch, here, I swear.
So, Bob, answer me this: If you're doing instantaneous, maybe bearer,
settlement among countless, increasingly smaller, financial entities in a
direct, competitive auction market for fungible financial services of all
kinds, where reputation is itself a fungible financial commodity, does the
market topology look more like, a.) a giant ziggurat in the industrial,
economies-of-scale, terminal-host model, with some single reputation
"processor" at the top, or, b.) "some spider-web or geodesic dome of trust"?
The next question you have to ask is, "Is this going *really* to happen?"
I certainly hope so. Though I would be foolish to say when, of course.
Faster than most of us think, I bet. :-).
Yours in financial heresy,
Bob Hettinga
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
