Re: [freehaven-dev] Why trade?

[Roger Dingledine <arma@mit.edu>]

On Mon, Feb 28, 2000 at 09:50:44PM -0500, Roger R Dingledine wrote:
> Q. Why do you trade, anyway? Isn't it just added complexity? Wouldn't it
> be safer to just trade once, and then you'd know where your share was?
> This would increase reliability and accountability, right?
> 
> A. There are a number of reasons why we trade:
> 
> * Greater anonymity: if trades are common, then there's no reason to assume
> that somebody offering a trade is the publisher of a share. Even if the
> mixnet protects the identity of a servnet operator, nodes could still start
> rejecting trades from other nodes based on "what they've provided in the
> past".
> 
> * More dynamic: frequent trading makes adding and dropping nodes transparent. If
> shares were just traded once, servnet nodes would have to support extra
> protocols for dropping out of the network politely (negotiating a new keeper
> for the share, informing the publisher of the move, etc).
> 
> * Can handle longer expiration dates: long-lasting shares woulud be difficult
> to trade away and rely on, if trading them involved finding a server that
> promised to be up and available for the next n years.

* Accomodates ethical concerns from servnet operators: if there's a particular
piece of data that an operator does not wish to be associated with, and he
notices that he's storing that data, frequent trading makes it easy and
unsuspicious to trade it away. Operators that do not have this flexibility
would end up just dropping data they don't like, or not participating in
the servnet.

* Provides a moving target: we rely on the security of the mixnet to protect
the identity of servnet operators. However, if trading doesn't happen, an
organization will learn that a given document lives at the other end of a
certain mixnet address, and that it has five years to break it. Encouraging
shares to move from node to node through the mixnet means that there is never
any specific target to attack.