On Wed, 31 Jul 2002, Anonymous wrote:

> Such an approach suffers from the "bad guy" occasionally signing a
> good file, thus placing himself on the trusted signer list.

This assumes a boolean trust metric. What you need is a trust scalar, and a mechanism to prevent Mallory poisoning it. It should use scarce resources (e.g. crunch) to generate a trust currency in each node, a kind of decentralized mint (nothing crunches quite a few million boxes on the Net). Clearly there will be some inflation, as systems tend to get faster these days. The algorithm should resist FPGAzation, too (Mallory is inventive).

> A better approach is for the downloader to create his own trusted
> list, along the lines of PGP web of trust. Ideal for exactly this

The infrastructure needs to be hidden out of view. If you query the net for a specific document, those signed by most trusted parties should come up first. And when you download and sample a document the GUI should offer positive/negative karma buttons for easy grading.

> application. The downloader can add and subtract from the trusted
> signer list at will, with no central control. Since one must expect
> some trusted signers to get busted and move to the dark side under
> court order, such downloader control is necessary.
>
> Problematic is that mp3 and other compression processes do not
> generate bit-identical files. Two perfect mp3 files may have different
> md5 hashes, for example. A tool for making bit-identical mp3 files

Doesn't matter, as long as a single good copy gets out & gets amplified. Plus, you can get different cryptohash URIs for minor variations on content, as long as they're published by somebody trusted.

> from the same digital input is needed, so that a single signed hash
> can verify the same file from multiple origins.
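
Added example, not part of the original message: a sketch of the downloader-local trust scalar with karma grading and trust-ranked results discussed above. The class and function names, the `hash:sha256:` URI form, the step and penalty values, and the rule that only positive trust counts toward a score are all assumptions of this sketch; signature verification and the "crunch"-backed mint are not modelled.

```python
import hashlib
from collections import defaultdict

def content_uri(data: bytes) -> str:
    """Content-hash URI; SHA-256 and the 'hash:' scheme are choices of this sketch."""
    return "hash:sha256:" + hashlib.sha256(data).hexdigest()

class TrustLedger:
    """Downloader-local trust scalars, one per signer, clamped to [-1.0, 1.0]."""

    def __init__(self, step=0.25, penalty=2.0):
        self.trust = defaultdict(float)   # unknown signers start at 0.0
        self.signers = defaultdict(set)   # content URI -> signers vouching for it
        self.step, self.penalty = step, penalty

    def record_signature(self, uri, signer):
        # Assumes the signature over `uri` was already verified elsewhere.
        self.signers[uri].add(signer)

    def karma(self, uri, good):
        """Positive/negative grading: adjusts every signer who vouched for `uri`."""
        delta = self.step if good else -self.step * self.penalty
        for s in self.signers[uri]:
            self.trust[s] = max(-1.0, min(1.0, self.trust[s] + delta))

    def score(self, uri):
        # Only positive trust counts, so a distrusted signer cannot drag a
        # good file down the ranking merely by adding a signature to it.
        return sum(max(0.0, self.trust[s]) for s in self.signers[uri])

    def rank(self, uris):
        """Candidates vouched for by the most trusted signers come first."""
        return sorted(uris, key=self.score, reverse=True)

def demo():
    ledger = TrustLedger()
    # Constructed sample content: two differing good encodes and one bad file.
    good_a = content_uri(b"constructed sample: encode A of the track")
    good_b = content_uri(b"constructed sample: encode B of the track")
    bad = content_uri(b"constructed sample: corrupted file")
    for uri, signer in [(good_a, "alice"), (good_a, "mallory"),
                        (good_b, "bob"), (bad, "mallory")]:
        ledger.record_signature(uri, signer)
    ledger.karma(good_a, good=True)   # alice and mallory both gain 0.25
    ledger.karma(good_b, good=True)   # bob gains 0.25
    ledger.karma(bad, good=False)     # mallory: 0.25 - 0.5 = -0.25
    return ledger, ledger.rank([bad, good_a, good_b]), (good_a, good_b, bad)
```
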