[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [freehaven-dev] Publius
Here's some of the differences between us and them that I see on a first
* They borrow the concept from TAZ/Rewebber of having multiple
proxies "decode" a URL to point to shares of a document. This means
that they can implement the client by a proxy which understands
these weird URLs and plugs into a browser.
This has the significant advantage of allowing hyperlinks within
the Publius system, since they look like a funny kind of URL. Then
these links can be served just like http links.
* However, they seem to punt on the question of how to prevent
someone from following the link back ("use Crowds") in section
* They're using plain vanilla Shamir secret sharing. Among other
things, this means that if a share or shares is damaged, they can't tell
until after the document reconstructs to garbage, and so in the worst
case they have to try all combinations of shares to figure out which are
good and which are bad (section 3.3).
That's kind of suboptimal, but I don't see yet why they couldn't use
IDA or some kind of scheme where bad shares are immediately
* They don't have the notion of a "trust network" that we do. In fact,
I'm not sure where they expect their servers to come from. They *do*
discuss what happens if servers go bad in section 5, but they don't
offer much more than "make the number of servers required to reconstruct
very big" and then "make publishing content expensive" as a solution,
either via e-cash or hashcash.
There is a suggestion that a threshold of servers (in terms of the
number of shares the document is split into) must be corrupted in order
to do something bad. Their discussion of this is a bit brief, though.
I think that under the assumption that the broadcast reaches everyone,
and neglecting trading, we may have similar threshold guarantees to
* They allow unpublishing and updating of content. They do discuss
rubber hose cryptanalysis in section 5.5, but I can't make out what
they're saying in the publisher case -- it looks like they are
discounting the possibility that the adversary will guess a publisher
and then try to beat the unpublishing key out of him.
* No trading.
On Sun, 30 Apr 2000 email@example.com wrote:
> Looks like related work to me...