Yongqian Li wrote:
> A trusts
> the validity of those signatures proportional to their
> rep. If the rep of C and D are high, then B probably
> did insert those files. If the rep of C and D were low
> though, B probably faked those identities.
>
> Would this work? What do you guys think?

It's an interesting idea, but it raises a few questions:

* Are the reputations 'private' (each node keeps its opinion to itself) or 'public' (nodes share their opinions)?
* If the reputations are private, how does a node estimate the trustworthiness of an identity it's never heard of before?
* If the reputations are public, how do you prevent nodes from lying, either to tarnish the reputation of good nodes or to cover up the behaviour of bad nodes?
* How do you prevent an attacker from generating a large number of identities that make positive reports about one another (Sybil attack)?
* If the reputations are public, where are they stored? How do you prevent attacks on the storage/retrieval mechanism?
* Can reputations be negative as well as positive?
* If reputations can be negative, how do you prevent nodes from generating new identities to escape bad reputations (whitewashing)?
* If reputations can only be positive, do new nodes start with a zero reputation or a slightly positive reputation?
* If new nodes start with a zero reputation, why should anyone trust them?
* If new nodes start with a slightly positive reputation, how do you prevent nodes from generating new identities to return to a slightly positive reputation (whitewashing again)?

Cheers,
Michael