[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [freehaven-dev] Why Unpublishing Is Not Allowed
----- Original Message -----
From: "Roger Dingledine" <email@example.com>
Sent: Tuesday, March 14, 2000 7:40 PM
Subject: Re: [freehaven-dev] Why Unpublishing Is Not Allowed
> On Tue, Mar 14, 2000 at 07:23:13PM -0600, Brett Wooldridge wrote:
> > I would argue that the risk is for the publisher to take -- if he/she so
> > chooses. Assuming that unpub/mod requests *are* authenticated; assume
> > further that this is done by digitally signing the document (or it's shares).
> > If I wish true anonymity, I can simply use a throw-away key -- and do just
> > that, throw it away after publication. If however, I decide to take the risk --
> > which isn't that risky if I keep all my document keys encrypted -- then I can
> > present the requisite credentials to remove/alter the document.
> > brett
> Brett: you should give a brief introduction of yourself and your interests
> with free haven, since nobody but me knows who you are. :)
Sorry to just leap in. Roger, found me over on the freenet list -- complaining
about their lack of reprudability -- and suggested that I might be interested in
the free haven project. I live in Austin (Texas) and am an Associate Fellow at
a startup here in town -- Journée Software. My work background is primarily
in high-availability server designs and distributed computing. But among
my personal interests is encryption. I have been interested in developing
a "blacknet" for a little over a year, but have not found any efforts underway
with the design I have in mind. Free Haven is no different. :| Nevertheless,
am interested in contributing to all efforts toward anonymous, redundant,
> As for unpublishing, our main argument against allowing unpublishing is
> that if the protocol does not support it, then there's no reason to even
> consider that the publisher has the means to unpublish it. If there's even
> a possibility that he didn't throw away his key (or more generally, if
> there's any reason to suspect that a given person might possibly have the
> means to unpublish a document), then the government should grab him and
> torture him just in case he still has it.
This in an interesting point. However, there is the possible solution in that
*two* (or N) parties could be required to unpublish a document -- depending
on how many signers it has at publication.
> As a second point, I'm concerned that allowing unpublishing
> will open the flood gates to many new attacks and exploits that we haven't
> considered very thoroughly yet.
Agreed. This means that they would need to be considered thoroughly. :)
> And as a fourth point (this one is hardest to defend), I really don't
> see any reason why somebody should want to alter or remove a document they
> submit -- the free haven service is meant to be a longterm robust
> distributed persistent anonymous storage system, not a filesystem.
What happens if I find that I left a few steps out of my soap recipe after I've
published. Instead of soap, hapless users will be making nitro-glycerine. How
do I revise or remove it? A poor example, I admit, but many people won't want
their publication to be final. What if a political dissident publishes a work
under his real name, but then thinks better of it? Urgently. :) Truth is, its as
soon as one says "no one needs to", they will be a million users begging for
it -- some with better reasons that I can contrive.
> Thanks for the input!
> Let's keep the ideas flowing on this until we all agree,