Re: [freehaven-dev] some trust thoughts

[Brian T Sniffen <brians@MIT.EDU>]

"Michael J. Freedman" <mfreed@MIT.EDU> writes:
> This is slightly a different situation that normal.  It's B's
> decision-making and ability to trust others that is faulty, not it's
> ability to not drop shares.  Still, I think we should consider this
> the same: even if B has "good intentions," A really only cares if B
> can ensure that shares it receive will stay in the servnet.  It's
> failed in this regard, be it by poorly trusting C instead of
> dropping foo itself.  But I don't think that matters much.
>
> Thoughts?

There is a difference.  The trust that "C will keep a share in the
servnet" should be decreased.  That assertion is less trusted for B as
well.  We also want to decrease trust that "B is smart about trusting
people," however -- maybe because we've been believing his broadcasts
about trusting people, maybe because he's been acting as an
introducer, maybe because he's been writing articles on trust for the
message boards, and we now believe he's not very bright.

Also, while we don't trust B (as much as we did) to keep something in
the servnet, he's not _evil_.  He has a receipt from someone else for
the share.  I think that we should be (in general) slower to lose
trust in someone like this.  At least, we should lose trust in them no
more than we do in ourselves.  That is, the share went (A -> B -> C).
C dropped it.  If we consider that B has traded it poorly, so has A.

It would be nice to trust B so long as he says, "C dropped this, it's
being bad!"  There are some obvious problems with that... on the other
hand, reducing trust in B reduces the useful work an evil node does
below 50%: in addition to walking off with as much data as they'd
previously stored, and leaving an equal amount of garbage in the
servnet, they now get a chance to rip gashes in the trust network.

-Brian