This page is part of the web mail archives of SRFI 84 from before July 7th, 2015. The new archives for SRFI 84 contain all messages, not just those from before July 7th, 2015.
On Wed, 1 Feb 2006, Alex Shinn wrote: > This is an interesting compromise, but I wouldn't call it secure. As > soon as you leave something up to "community sentiment," you've lost > security, as there's nothing stopping people from creating their own, > conflicting top-level authorities. Further the model itself doesn't > guarantee that each top-level authority itself is secure. > But perhaps we're thinking of different meanings of "secure" here. > I'm claiming that to be secure there must be a unique mapping from > name to entity, and this has to be _verifiable_ by automated means. > In terms of Zooko's Triangle, the verification can either be > decentralized (by making the name itself a signature), or > human-readable, by establishing a trusted authority which can answer > "who does this name belong to?" but you can't have both. So no anonymous authors of code can exist in a secure system? I don't actually like that definition. I just realized something in the shower as I was getting ready for bed (it's been a long day, I got up at 2 am...). If we're going to have a system governed by keys and signatures, we need a way to repudiate those keys and signatures. I don't want to go too far into details as I haven't had much time yet to think about it, but there needs to be a mechanism for warning people away when it is discovered, for example, that (Snidely-Whyplash smtp-lib) contains a back door that makes it likely that a server using it will be used to send spam. Without resorting to a central authority, I think that maybe the author of each and every library ought to be able to repudiate any other author, with the effect that no program containing libraries written by both authors when such a repudiation is found will compile. You'll get an army of sockpuppets for each cracker, of course, but I'm thinking most sockpuppets will be too short-lived to have their code widely relied upon by other programs, and widely-used libraries by people known to be honorable will be the trump card in such disputes. And this doesn't even require that the authors be identifiable as particular human beings. Bear