I do it all the time: bring up the website, notice the little lock icon, sometimes view the information about the certificate (mostly to see if it's expired), and then type in my credit card number and buy something. I know a bit about how this all works, but the recent Unicode / IDN character spoofing set me back a bit. How am I to know what kind of transaction is occurring, and with whom?
My good friend Dennis Hamilton (a.k.a. orcmid) has just announced TROST: Templates for Raising Open-System Trustworthiness, his M.Sc in IT dissertation project, and this is going to be a project worth watching. Dennis explains the trustworthiness aspect:
We all know trustworthiness when we see it, right? Maybe not. Starting out, I am looking at trustworthiness in terms of human arrangements for mitigation of the risks of everyday and not-so-everyday life. There is, most of all, the risk of dealing with each other, especially at a distance. I foresee a mapping into trustworthiness projected onto artifacts. I am not willing, at this point, to take my eye off of the ultimately human and social nature of trust and trustworthiness.
I agree completely. Trust is ultimately something only a person can confer. I trust you with some information about my personal plans. I ask you not to share that information and I'm trusting that you will honor that request. It's a trust relationship because you can choose to do whatever you want with my information and my request. I give my credit card to a server at a restaurant and trust that they will not write down the information and use it elsewhere. They could choose to break that trust.
However, when I enter my credit card information onto a web page I'm hoping that the system works as I think it will, and does not expose my credit card number in ways that compromise its security. But the computer system is not making any choices about whether or not to secure or expose the information; it's just following a procedure. The procedure could be flawed, or even compromised, but the computer is not exercising choice in the way a restaurant server is.
So I'm very interested in what Dennis explores, discovers, and shares. I know it's going to be a very useful piece of work in our continuing efforts to build reliable computer systems and infrastructures that I can really depend on.
Other related projects: Mary Hodder is talking about trust at SXSW. Kaliya Hamlin is promoting identity practices. I know there are many others; I can't keep up.