Re: [freehaven-dev] New trading/trust proposal for FH online

[Roger Dingledine <arma@mit.edu>]

On Sun, Jul 30, 2000 at 12:39:23AM -0400, Michael J. Freedman wrote:
>    "Towards a simplified trust network and trading protocol."
>    http://freehaven.net/doc/hash-space.ps
>   
> Comments, critiques, and suggestions are eagerly awaited...
 
Looks like a reasonably self-consistent idea.

My nit-picks:
a) what if C returns an incorrect hash of share+nonce? how does B know
it's incorrect?

b) need to keep track of how frequently a given document is queried --
I can see a scenario where A and C are conspiring: A queries B which
queries C, and A does this every 5 minutes. B pumps up its trust in C
greatly, because it's just done ten thousand successful queries. this is
easier to solve than the issue above.

my overall response is that we need to scrap the current free haven
design. ;)
we should seriously consider if we can get the same data persistence
guarantee out of exploiting massive parallelism (like what mojo
nation is trying to do, or like what prof rivest originally suggested
with the 'send it to everybody and some of them will keep it'). because
trying to control data in a fine-grained micromanaged approach really
isn't going to work as well as we want.

i'm also in the process of mulling over our notions of anonymity, since
mojo nation does not provide server anonymity (i can look up via the
contenttracker which sites are hosting which blobs, and i know that
they have a chunk of the document) but obviously it would be impossible
to 'kill' the document since it's stored in so many places. but at the
same time, this aspect of 'disclosed location' makes it undesirable for
companies to run mojo nation servers if the law doesn't explicitly state
that they have plausible deniability.

--roger