Re: [freehaven-dev] Deletion of documents

Brian raised another issue at the meeting today:

* The y values are public, so other people can incorporate the y value
  from one share as the self-destruct code for another, completely
  unrelated share. This allows two things:

  1) A publisher can be "linked" to a share which he did not
     actually publish. Suppose Roger publishes crypto-anarchist
     tracts with a certain value of y. I can create a share of
     kiddie porn with the same value of y and distribute it widely.
     When the State raids Roger looking for subversive material,
     they find that his value of x also unpublishes some kiddie porn.

     This is either good or bad, depending on how it's interpreted:
     - good: because someone can do this, it raises reasonable
       doubt about Roger publishing kiddie porn
     - bad: it doesn't raise enough doubt to get Roger
       off the hook.

  2) We can have situations in which a single self-destruct code
     destroys lots of unrelated data, some of which we may want to
     keep. This is no problem if we know ahead of time what data
     corresponds to what y value - we can pull it out and submit with
     a new y value.

     If we don't know, and we release an x value...

     We might then want something which retrieves shares based on
     what y value they have. This wouldn't completely solve the
     problem, since between the last time we check and the time
     we release x, some new data may be added.

These properties do not seem to arise with the "unpublish requests signed
by same private key used to sign shares." This is because no one other
than the original publisher has the private key, and therefore cannot
cause any new shares to be unpublish-able by means of that key.

On Sat, 11 Mar 2000, Ron Rivest wrote:
> Why not just publish a value y=SHA1(x) with a document. y could exist
> with each share. When x is revealed, anyone holding a share with
> "self-destruct code" y should delete their share...
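
[Added example, not part of the original thread or of Free Haven's code.] The sketch below models both designs discussed above: a server that deletes on y = SHA1(x), where anyone can attach a public y to an unrelated share and a share added after the publisher's by-y check is still destroyed, and a server that only binds a share to a key when its signature verifies. The class names, share names and the toy textbook-RSA key are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA (fixed Mersenne primes, no padding): illustration only.
N, E = (2**127 - 1) * (2**107 - 1), 65537
D = pow(E, -1, (2**127 - 2) * (2**107 - 2))   # publisher's private exponent

def digest(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(data):                     # needs the private exponent D
    return pow(digest(data), D, N)

def verify(data, sig):              # anyone can check with the public (N, E)
    return pow(sig, E, N) == digest(data)

class HashCodeStore:
    """Hypothetical server: deletes every share whose y equals SHA1(revealed x)."""
    def __init__(self):
        self.shares = {}            # name -> (y, data)
    def store(self, name, y, data):
        self.shares[name] = (y, data)   # y is public; nothing ties it to an author
    def by_y(self, y):              # the "retrieve shares by y value" lookup
        return sorted(n for n, (sy, _) in self.shares.items() if sy == y)
    def reveal(self, x):
        doomed = self.by_y(hashlib.sha1(x).hexdigest())
        for name in doomed:
            del self.shares[name]
        return doomed

class SignedStore:
    """Hypothetical server: a share is bound to the key only if its signature verifies."""
    def __init__(self):
        self.shares = {}
    def store(self, name, data, sig):
        if verify(data, sig):
            self.shares[name] = data
            return True
        return False

def demo():
    x = b"constructed secret x"     # constructed sample values throughout
    y = hashlib.sha1(x).hexdigest()
    h = HashCodeStore()
    h.store("publisher-share", y, b"publisher data")
    audited = h.by_y(y)             # publisher checks before releasing x
    h.store("unrelated-share", y, b"third-party data")   # arrives after the check
    deleted = h.reveal(x)           # x destroys both shares
    s = SignedStore()
    sig = sign(b"publisher data")
    accepted = s.store("publisher-share", b"publisher data", sig)
    replayed = s.store("unrelated-share", b"third-party data", sig)  # no private key
    return audited, deleted, accepted, replayed
```
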