[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: politics etc. (usual top-posting apology)




On Wed, 1 Feb 2006, Alex Shinn wrote:

> This is an interesting compromise, but I wouldn't call it secure.  As
> soon as you leave something up to "community sentiment," you've lost
> security, as there's nothing stopping people from creating their own,
> conflicting top-level authorities.  Further the model itself doesn't
> guarantee that each top-level authority itself is secure.

> But perhaps we're thinking of different meanings of "secure" here.
> I'm claiming that to be secure there must be a unique mapping from
> name to entity, and this has to be _verifiable_ by automated means.
> In terms of Zooko's Triangle, the verification can either be
> decentralized (by making the name itself a signature), or
> human-readable, by establishing a trusted authority which can answer
> "who does this name belong to?" but you can't have both.

So no anonymous authors of code can exist in a secure system?
I don't actually like that definition.

I just realized something in the shower as I was getting ready
for bed (it's been a long day, I got up at 2 am...).  If we're
going to have a system governed by keys and signatures, we need
a way to repudiate those keys and signatures.

I don't want to go too far into details as I haven't had much time
yet to think about it, but there needs to be a mechanism for warning
people away when it is discovered, for example, that (Snidely-Whyplash
smtp-lib) contains a back door that makes it likely that a server
using it will be used to send spam.

Without resorting to a central authority, I think that maybe the
author of each and every library ought to be able to repudiate any
other author, with the effect that no program containing libraries
written by both authors when such a repudiation is found will
compile.

You'll get an army of sockpuppets for each cracker, of course, but
I'm thinking most sockpuppets will be too short-lived to have their
code widely relied upon by other programs, and widely-used libraries
by people known to be honorable will be the trump card in such
disputes.  And this doesn't even require that the authors be
identifiable as particular human beings.

					Bear