Governance is about the appropriate aligning of incentives. When we build a governance layer, what we are essentially doing is cleaning up after the technocrats have done their best. In the case of FC, the technocrats are cryptographers, software engineers, rights people, and accountants.
Of course, because we all talk to each other, and we're all multidisciplinary, there is no throw-it-over-the-wall architecture in FC, now, is there? Governance people widely discuss what they can and can't do and, in discussion with the above ubergeeks and driven by the requirements of layers 6 and 7, we eventually come up with a design that is cohesive.
Here's an important idea that we are pushing to take the phishing out of secure browsing. Breached to the tune of about a billion dollars, the out-of-date security model for browsing can actually be fixed up quite easily. But to do so we have to think broadly - and we have to align incentives properly. Here's how branding helps where crypto and protocols fail.
http://iang.org/ssl/VeriCola.html
(oh, sorry, yes, this is another rant in the infamous "SSL considered harmful" series. Enjoy!)
Posted by iang at July 12, 2004 05:40 PM