zaphodiv
December 24th, 2002, 02:56 PM
In another thread Method wrote
>There are companies trying to pollute networks
>hashing helps protect against this
I suspect that services which recommend known good
files will be attacked legally eventually. It would
be good to decentralise this so it can't be stopped by
taking down a dozen websites. It could be done several
ways, you have to trust someone.
A) a few groups broardcast reviews of known good
files on the network, clients cache the reviews and
allow browsing and searching. Message signing prevents
making a fake message that appears to come from
a trusted person.
The maker of the program can put in keys for people
from sharereactor etc. New file reviewers can give
people their public key in forums like this, people
will hear about them if they do a good job.
B) Try to distribute checking of files. Hassle the
user to mark files which are good. A funded attacker
can appear on the network with thousands of different
identitys and reccomend faulty files so you need
a clever trust model not voting. Perhaps you trust
people who reccomend files you know are good and
you trust people who are trusted by people you trust.
I'm not sure if the chain of trust will go far enough.
Any trust model experts around?
comments?
>There are companies trying to pollute networks
>hashing helps protect against this
I suspect that services which recommend known good
files will be attacked legally eventually. It would
be good to decentralise this so it can't be stopped by
taking down a dozen websites. It could be done several
ways, you have to trust someone.
A) a few groups broardcast reviews of known good
files on the network, clients cache the reviews and
allow browsing and searching. Message signing prevents
making a fake message that appears to come from
a trusted person.
The maker of the program can put in keys for people
from sharereactor etc. New file reviewers can give
people their public key in forums like this, people
will hear about them if they do a good job.
B) Try to distribute checking of files. Hassle the
user to mark files which are good. A funded attacker
can appear on the network with thousands of different
identitys and reccomend faulty files so you need
a clever trust model not voting. Perhaps you trust
people who reccomend files you know are good and
you trust people who are trusted by people you trust.
I'm not sure if the chain of trust will go far enough.
Any trust model experts around?
comments?