btw with nodes for transport security you might use self-certifying keys. Referring to Zooko's triangle, then the key is the node identity. Similar to a bitcion address. So then just another ECDSA key and use emphemeral ECDH for transport authenticated with the nodes key.
Maybe there can be some value to reputation to a node - eg it can charge a higher micropayment for its p2p network services, a node with a good reptuation could charge a higher micropayment for relaying (though bitcoin itself probably doesnt like micropayments as bloating the transaction log). Another ZKS era idea I had was to have a gossip protocol for users to find out what other people think about the trustworthiness and reliability of nodes. If that info is distributed via gossip over multiple channels and network connections over time, and kept in something like a gnutella host cache (just a cache of random info with some eg random replacement policy) it becomes very hard for a dishonest node to censor evidence of its low reputation. It is best as Gregory said to be able to directly prove, and punish by block-chain validation, because that is more smart-contract like. Bisbehave and nodes wont connect to you or lose somehow. But what exactly could you prove about a node? You dont really know if a node is an originator for a double spend, it could be relay. And for privacy and security you cant expect the node to use its coin address private key. Hmm: maybe one could use a Brands private credential with offline double spend detection, with the reputation but not coin address of the node disclosed, and the nodes coin address embedded in the proof. Each node could be is own CA, providing a ZKP. If the node ever double spends a coin, it loses its reputation as the coin address is revealed. btw another old idea was to require proof of the existance of the private key of a high value coin in the double-spend revealed information. Then basically to get a higher good-behaviour bond, the node ties up more coins, and if a node cheats, the first person to discover this collects the forfeited good behaviour bond. Adam ps I have an opensource openSSL based Brands (& Chaum) credential library at http://www.cypherspace.org/credlb/ I didnt actually implement the ECDL version, just the DL version, but that is not so hard, and its on my todo list. (There is also a strong RSA assumption version, also not implemented). On Mon, May 06, 2013 at 11:01:22AM -0700, Gregory Maxwell wrote: >> 1) Non-repudiation is only useful with fraud proofs, and they will have >> to be thought out for everything the node might claim. > >That isn't so. If a node is reliably rogue I can go manually gather >evidence and people can manually take action against it. Consider the >DNSseeds, right now fraud proofs really wouldn't matter— the limited >amount of trust put in those things is based not on "oh no, nodes will >ignore you in the future if you're bad", it's based on the ability of >misconduct to sully the operator's reputation. > >But without non-repudiation the ability to tie reputation to good >behavior is fairly limited especially if they perform targeted >attacks. "Wasn't me" > >Instead— I'd argue that non-repudiation is always useful when there is >trust. It's things like fidelity bonds— a trust generator that depend >on automatic enforcement— that are only useful with fraud proofs. > >> Anyway, the concept of a per-node identity keypair is the first step >> towards non-repudiation, and implementing SSL transport. > >Yea, indeed, per-node keys are useful for a bunch of things. Care is >needed to avoid problems like deanonymizing use over tor with them. > >------------------------------------------------------------------------------ >Learn Graph Databases - Download FREE O'Reilly Book >"Graph Databases" is the definitive new guide to graph databases and >their applications. This 200-page book is written by three acclaimed >leaders in the field. The early access version is available now. >Download your free book today! http://p.sf.net/sfu/neotech_d2d_may >_______________________________________________ >Bitcoin-development mailing list >Bitcoin-development@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/bitcoin-development ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development