Re: [VCARDDAV] Signed vCards

DataPacRat <datapacrat@gmail.com> Wed, 04 September 2013 00:31 UTC

Return-Path: <datapacrat@gmail.com>
X-Original-To: vcarddav@ietfa.amsl.com
Delivered-To: vcarddav@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04B7A21E8055 for <vcarddav@ietfa.amsl.com>; Tue, 3 Sep 2013 17:31:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.494
X-Spam-Level:
X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[AWL=0.106, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTaANSEtOcRa for <vcarddav@ietfa.amsl.com>; Tue, 3 Sep 2013 17:31:07 -0700 (PDT)
Received: from mail-we0-x235.google.com (mail-we0-x235.google.com [IPv6:2a00:1450:400c:c03::235]) by ietfa.amsl.com (Postfix) with ESMTP id CCEA421E8102 for <vcarddav@ietf.org>; Tue, 3 Sep 2013 17:31:06 -0700 (PDT)
Received: by mail-we0-f181.google.com with SMTP id p60so1083605wes.40 for <vcarddav@ietf.org>; Tue, 03 Sep 2013 17:31:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=74SxzCDxDWBfWvg/du9dsGsKqkjJe+Q1h0sUro/bPzo=; b=uv+p1pXRA2IqDoFt0du0UluP+YJrJajw8VgqO+pC16np/MCCqEYlEa+iv9wSkWrnKw j0F6h/pgdia6Leqp29gX2KJ0DUdlUFxE2lEU4vOOLsGVPhN2UUgGIgk6kqp5G6mhOgUD F/RduPI3X9v1lG5H6XzrmZL7kA6V0jo1TXrS+k5Osu7y7jesDL9hwwQojZU2oe+xbXdE IuJrhxJPVU9dcuKJkZilxazIA9JvtDqV6m8ftNWPPHjSwBSeXostzoLfVctdKS1cVr9A 8kp/MCcT65q4fSt4y9NjUUfRR4pozGDFPgWUbJEGy6Diw/n4UObDS4dcUdUq/AZuYKLx TK8A==
MIME-Version: 1.0
X-Received: by 10.194.24.168 with SMTP id v8mr128678wjf.28.1378254665868; Tue, 03 Sep 2013 17:31:05 -0700 (PDT)
Received: by 10.194.133.193 with HTTP; Tue, 3 Sep 2013 17:31:05 -0700 (PDT)
In-Reply-To: <CAB5WduBhTpfiEuRoEjSQo+O5NQceaJsL-e-n=CwK0-Z=JK_gbQ@mail.gmail.com>
References: <CAB5WduA09GVZ7j2q4e9aM-CYBj27_deKT=VHhVL0+gzG1yRq0A@mail.gmail.com> <CAD6ztsqqQwbN_-yv9+-tHuh8X1MfBRKEqF6ugH=0avHTuKxzWA@mail.gmail.com> <CAB5WduCO7mNPAqgqYWXmceog3wVNox5reUAjsCQRUXRQB0Wftw@mail.gmail.com> <51D18BC4.5030300@cisco.com> <CAB5WduAJSiqEjsw+DUo4Emy-Tw30nTw1WA2MshxJAfHN1sh0WA@mail.gmail.com> <51D1A52C.6000806@viagenie.ca> <CAB5WduDEe+tC21L6AbW0HRzTf5Z6L0oCA+M4X8_p1ERK0rFPtA@mail.gmail.com> <51D570F4.1020204@cisco.com> <CAB5WduC9OQDknwZj5PHQ0t8Y4V1vtpafeJuZXsnhrWKSmDfwFQ@mail.gmail.com> <CAB5WduC-m-TH9a1WrFY6QX8cQ2bJ8EgOD8+swEwpVxM7my42UA@mail.gmail.com> <CAB5WduBgpkQO+-4iNDspxR7X7JKeFU3UfjfiPd7qWWr7QRY3ew@mail.gmail.com> <CAB5WduCG356V5bHH8-7PYUtF3VqW5VRM-e=N0h7rbAJN51sSuA@mail.gmail.com> <51E42D85.4060806@viagenie.ca> <CAB5WduBJEXSsV5T-1MA+05wkQ6CZs8PySwUaQaAHew0E7dErbQ@mail.gmail.com> <CAB5WduBHej1O95X5UrFMkVJ1CQRdLzLOUjCF1AT6uz+-DTN4Ww@mail.gmail.com> <CAB5WduDQ6mHgSoWpX3JghF3CAMn8F0hV+y4zSTWc+Gi8EtY8UA@mail.gmail.com> <CAJNb_g1A64NWkpBqZsKsoLShB41Gqq3q21QnvDEdhENUYSi3XA@mail.gmail.com> <CAB5WduB4NMfLi_iYaTzivHWnV98rQbHMVWU4PEs6uO03uhJucA@mail.gmail.com> <CAB5WduAMy+UTrhKT6+dBh86iSCgcOtBEmkYctCUOzCOwxEo13w@mail.gmail.com> <CAJNb_g3trtyUjWikmTVBPoeVwzexL-DLx4=kfaWczuv6zGA-Lw@mail.gmail.com> <EE5149CF64A654342B9D06A8@cyrus.local> <CAJNb_g2wA_=YZu6hscNpRo_1QD9D+cbPX6BzgJrymLsTsK5F2Q@mail.gmail.com> <CAB5WduCYfFr3o4FQ86h3nj1dyb0fNSMwrBUjRHKrNLY8UDy-gA@mail.gmail.com> <CAB5WduA_T4T+y6Gzt938NtR7+sCgDuEmz2cK3RXke-25EAN2pg@mail.gmail.com> <CAB5WduCpdi5Q3p6Pv3C-YfSHXkS0ziAP9Jc9BKKKTRHCOz=fnw@mail.gmail.com> <CAB5WduD5bf8UXf+zTC-Z+Wt0NWaoKU3sVWpmjA-xHdDuKxRCPg@mail.gmail.com> <CAB5WduBu7OE=mpwM8SSDMg=UMjsS+hfSKjXcQD7FyuV-2bF=Ww@mail.gmail.com> <CAB5WduBhTpfiEuRoEjSQo+O5NQceaJsL-e-n=CwK0-Z=JK_gbQ@mail.gmail.com>
Date: Tue, 03 Sep 2013 20:31:05 -0400
Message-ID: <CAB5WduCaocOrY7XDovT5ta5Vu4htXfyLFfo1OkYroPKn0jf+9g@mail.gmail.com>
From: DataPacRat <datapacrat@gmail.com>
To: Michael Angstadt <mike.angstadt@gmail.com>, Simon Perreault <simon.perreault@viagenie.ca>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "vcarddav@ietf.org" <vcarddav@ietf.org>
Subject: Re: [VCARDDAV] Signed vCards
X-BeenThere: vcarddav@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF vcarddav wg mailing list <vcarddav.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vcarddav>, <mailto:vcarddav-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vcarddav>
List-Post: <mailto:vcarddav@ietf.org>
List-Help: <mailto:vcarddav-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vcarddav>, <mailto:vcarddav-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2013 00:31:08 -0000

Here's my latest write-up for the CONFIDENCE parameter, for whatever
feedback I can evoke before submitting the -02 draft.


3.1.  Parameter: CONFIDENCE

Namespace:

Parameter name: CONFIDENCE

Purpose: To specify the confidence of the authority that the
information of the given parameter is accurate, measured in decibans.

Value type: A single number, usually an integer.


Description:

A CONFIDENCE value of 0 decibans indicates odds of 1:1 (ie, 50%) that
the information is correct. A change of 10 decibans changes the odds by
a factor of 10; 10 decibans means 1:10 odds (~90%), 100 decibans 1:100
odds (~99%), -10 decibans 10:1 odds against (~10%). A change of 1
deciban is roughly equivalent to changing the odds by a factor of 5:4.

Here is a table covering enough integer deciban values to allow for
easy reference.

Decibans / Level of belief / Rough Odds / notes

-127 / 0.00000000002% / 1:5 trillion

-30 / 0.1% / 1:1,000
-20 / 1.0% / 1:100

-10 / 9.9% / 1:10
-9 / 11.2% / 1:8
-8 / 13.7% / 1:6
-7 / 16.7% / 1:5
-6 / 20.0% / 1:4
-5 / 24.0% / 1:3
-4 / 28.5% / 2:5 / a reasonable doubt
-3 / 33.3% / 1:2
-2 / 38.7% / 2:3 / probable cause
-1 / 44.3% / 4:5
0 / 50.0% / 1:1 / neither belief nor disbelief; agnosticism, 1 bit
1 / 55.7% / 5:4, 1.25:1 / preponderance of the evidence
2 / 61.3% / 3:2, 1.5:1
3 / 66.6% / 2:1 / clear and convincing evidence
4 / 71.5% / 5:2, 2.5:1
5 / 76.0% / 3:1 / beyond a reasonable doubt, 1 standard deviation, 2 bits
6 / 80.0% / 4:1
7 / 83.3% / 5:1
8 / 86.3% / 6:1
9 / 88.8% / 8:1 / 3 bits
10 / 90.9% / 10:1 / one nine
11 / 92.6% / 25:2, 12.5:1
12 / 92.5% / 15:1 / 4 bits
13 / 95.2% / 20:1 / lone studies with p=0.05, 2 standard deviations
14 / 96.2% / 25:1
15 / 96.8% / 30:1 / 5 bits
16 / 97.6% / 40:1
17 / 98.0% / 50:1
18 / 98.4% / 60:1 / 6 bits
19 / 98.8% / 80:1
20 / 99.0% / 100:1 / two nines, lone studies with p=0.01

21 / 99.26% / 125:1 / 7 bits
24 / 99.62% / 250:1 / 8 bits
26 / 99.7% / 400:1 / confirmed studies with p=0.05, 3 standard deviations
27 / 99.80% / 500:1 / 9 bits
30 / 99.9% / 1,000:1 / three nines, 10 bits
40 / 99.99% / 10,000:1 / four nines, confirmed studies with p=0.01
42 / 99.993% / 16,000:1 / 4 standard deviations, 14 bits
45 / 99.9968% / 30,000:1 / 15 bits
50 / 99.999% / 100,000:1 / five nines
60 / 99.9999% / 1 million:1 / six nines, 20 bits
62 / 99.99994% / 1.5 million:1 / 5 standard deviations
70 / 99.99999% / 10 million:1 / seven nines
80 / 99.999999% / 100 million:1 / eight nines
87 / 99.9999998% / 500 million:1 / 6 standard deviations, 29 bits
90 / 99.9999999% / 1 billion:1 / nine nines, 30 bits
99 / 99.99999998% / 8 billion:1 / 33 bits
100 / 99.99999999% / 10 billion:1 / ten nines
110 / 99.999999999% / 100 billion:1 / eleven nines
116 / 99.9999999997% / 400 billion:1 / 7 standard deviations
120 / 99.9999999999% / 1 trillion:1 / twelve nines, 40 bits
127 / 99.99999999998% / 5 trillion:1

Given human factors, it is rare for hand-typed data to be able to have
a CONFIDENCE that every single bit is accurate of more than 50
decibans. Without getting into the details of recursion, and given that
at least one out of roughly ten billion people is thoroughly
disconnected from reality, it's very difficult for a human to have more
than 100 decibans of confidence in anything, even that H2O is a useful
description of water or that the subjective reality they are
experiencing is connected to the same subjective reality experienced by
other humans.


If a user wishes to manually generate signed vCards, but does not have
much experience with mathematics, then one option to get rough
estimates of what CONFIDENCE values are appropriate could be to use
Laplace's Sunrise Formula, also known as the Rule of Succession. This
takes two pieces of input: the number of times in which something might
have gone one way or the other; and the number of times it went one
way. For example, it might be used with the number of times an email
has been received from a particular address, and the number of times
that email has been from the owner of that address instead of viral
spam. The formula produces an estimate of the odds that future trials
will go the same way, by calculating:

FutureProbability = (Successes + 1) / (TotalTrials + 2)

For the example, if one has received 1,000 emails from an address, out
of which 1 was spam, then the formula says that the future probability
will be on the order of (999+1) / (1,000+2) = 1,000/1,002. This implies
that a CONFIDENCE value based on this data would be on the order of 30
decibans - but, barring other forms of evidence, it would take around
10,000 such emails before a claim of 40 decibans of confidence would be
warranted.

Note that this is an extremely simple formula, and there are many
better ones that can provide more accurate results, and take into
account more kinds of evidence. Any user who knows of a better method
to generate CONFIDENCE values should use those ways; the Sunrise
Formula is provided as a basis for users who have nothing else to
create estimates with.

More sophisticated Bayesian analyses can be used to create ad-hoc
certificate authority systems. This would involve one vCard with an
authority describing itself, and signing it; another vCard where that
authority issues a card describing a second entity and its key, using
the CONFIDENCE parameter to give its Bayesianically-generated level of
belief; and a third card where that second entity describes a third,
offering its CONFIDENCE level. A user with access to all the vCards
could then determine, based on its own trust-level of the root
authority, how much to trust the other entities. This trust of the
root authority could be generated either with the Sunrise Formula, or
with an analysis of web-of-trust data.


Examples:

BIRTHPLACE;CONFIDENCE=50:Winnipeg, Manitoba, Canada

ABNF:

confidence-param = "CONFIDENCE=" (INTEGER / FLOAT)




Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."