Re: Tipster voluntary payment protocol

2000-08-26 Thread Jeff Kandt 
others, and this is where I really want to be careful.

My initial motivation for designing Tipster was anger over how the 
labels are screwing musicians.  So I wanted to make sure to make it 
as hard as possible for intermediaries (who I think are still going 
to be necessary) in this new voluntary system to gain power over the 
musician.


I think one can design a much simpler system that meets your design 
goals. My suggestion would be to just have the artist's URL in the 
content and maybe a standard way for identifying the title of the 
work. If the artist obtains a URL that matches their group name 
exactly (www.moronenvy.com), that in itself could provide enough 
trust for transactions on the order of a dollar. The fan could check 
the artist's signature in other ways as well: from a commercial CA, 
from an artistic key server, from a key fingerprint printed on a 
concert program, from signed lists of artist keys circulated by self 
appointed notaries on music lists, etc.

The fan's client could download a list of acceptable servers and the 
artist's signature from the artist's URL. Each server would get a 
certificate from each artist when the artist agrees to let the 
server collect for them. This certificate would be signed by the 
artist and could have an expiration date. Artists would then have 
two ways to revoke a server's authorization: remove the server from 
the list of acceptable servers on the artist's web site or refuse to 
renew the server's authorization. No central revocation server or 
CRL is required. Adding a new server would simply require signing a 
cert and listing the new server on the artist web site.

There are details to be worked out o course, but I believe this 
would be a lot less complex and more effective than what you are 
proposing.


This sounds very similar to another suggestion I got for a simpler 
system.  The writer also suggested a system where the artists each 
register their own URL, except that he proposed delegating the trust 
issue to SSL.

http://tipster.weblogs.com/discuss/msgReader$58

A later enhancement used expiring server keys, as you suggest, to 
make revokation certs unnecessary, an idea I'll probably adopt.

http://tipster.weblogs.com/discuss/msgReader$68

Thanks very much for the feedback, Arnold.  I'm still digging.  Based 
on the comments I've gotten from you and others, I will be writing up 
some of the pros and cons of the various plans on my site and 
requesting another round of comment soon.

May I quote/post your emails?  (Or is there a web archive of these 
posts anywhere?)

Also, a new technology I've just been made aware of is TunePrint, 
which claims to be able to make a unique hash of any song, based 
purely on the audible signature of the song so that the "fingerprint" 
is the same no matter how it is compressed or encoded.  This has a 
big potential for voluntary payments, I think, though I haven't 
thought about it enough yet.

http://www.tuneprint.com

Thanks again!

-Jeff
-- 
------
|Jeff Kandt |  Voluntary Payments: A Napster-friendly  business  |
|[EMAIL PROTECTED] |  model for musicians. http://tipster.weblogs.com   |
|[PGP Pub key: http://pgp.ai.mit.edu/pks/lookup?op=getsearch=0x6CE51904 |
|  or send a message with the subject "send pgp key"]|
--

Re: Tipster voluntary payment protocol

2000-08-18 Thread Jeff Kandt 

On or about 12:57 PM -0400 8/17/00, Arnold G. Reinhold wrote:
I think a voluntary payment system is a fine idea, but I am not sure 
that your proposal address the right issues. If I understand what 
you are proposing correctly, your scheme allows a CD buyer to verify 
that a particular payment server is authorized by the recording 
artist to collect payments in their behalf. It does this by 
attaching server an artist URLs and sigs to the downloadable content.

Correct so far, except for the "CD buyer" part; this is for people 
who download their music from the net, even via peer-to-peer 
mechanisms like Napster.

First, why bother attaching all that info to the content? One can 
simply set up the servers and let them present signed credentials 
from the artists.

The reason for attaching the info to the file makes is that it makes 
it a no-brainer to pay for a song.  Just right-click on the file in 
the Windows Explorer/Finder and choose "Tip Artist". Or alternately, 
my MP3 player software might support it directly so that I can pay 
based on who I'm actually listening to most.

One of my primary goals is to make this as easy as possible for the 
consumer to send a tip, since the system only works if people are 
willing to do it on a regular basis.

Content is certainly one way to publicize the servers, but their are 
many other ways.  Why depend on the content uploaders to do this?

It would be the content encoders. Once the payment info is attached 
to the file, it will be there no matter how many times it gets 
swapped around.  Given a voluntary model, there's no motivation for 
anyone to strip it.

People ripping their own MP3s from CDs is, I think, a temporary 
phenomenon which will go away as soon as everyone realizes what an 
inefficient way of moving bits they are.

It won't be long before music will come straight from the artist in a 
compressed, net-friendly form.  If it's the artists creating the 
file, then they'd might as well stamp their contact info on it before 
releasing it to the world.


Second, it would seem you require the artist's cooperation. Some may 
not want to cooperate. Maybe that's OK: they don't get paid. But 
others --perhaps most-- could be barred from cooperating by their 
record companies. Their contracts may allow the record companies to 
control all uses of their name and may even give them access to the 
voluntary payments (if the contracts don't, they soon will.). The 
record companies may even sue the servers claiming they are 
interfering with the record companies contractual agreement with the 
artists.

I address exactly this issue here:
http://tipster.weblogs.com/discuss/msgReader$31


A better approach might be to set up one or more servers that 
collects money as a way of voting for people's favorite artist. The 
funds collected would be placed in one of several audited escrow 
accounts: in the artist's name, if they give permission, in an 
account dedicated to a charity that the artist designates, or, if 
neither is available, one of several music-related charities 
(pension funds, libraries, museums, etc.) that the donor can select. 
A small portion, say 5-10%, would go to pay for the server expenses.

Tipster should support this, since it is payment-method agnostic. 
One of the payment methods could be an escrow account, etc.


The recording industry can be expected to try to shut down any 
voluntary payment system, so careful legal design is more of an 
issue IMHO than cryptographic protocols. A reputable bank as escrow 
holder and CPA firm should provide enough trust.

The recording industry has no reason to shut down a voluntary payment 
system, since their music won't be a part of it until they decide 
they're missing out on revenues.  See the url referenced above

Also, note that there are elements of the Tipster design that are 
intended to keep the Artist in control of their revenue stream by 
facilitating multiple, redundant streams.

See http://tipster.weblogs.com/discuss/msgReader$12

Thanks for the reply,

-Jeff

-- 
--
|Jeff Kandt |  "When cryptography is outlawed, bayl bhgynjf  |
|[EMAIL PROTECTED] |   jvyy unir cevinpl!"  -Brad Templeton of ClariNet |
|[PGP Pub key: http://pgp.ai.mit.edu/pks/lookup?op=getsearch=0x6CE51904 |
|  or send a message with the subject "send pgp key"]|
--

Tipster voluntary payment protocol

2000-08-17 Thread Jeff Kandt 

"Tipster" is the name I'm using for the voluntary payment scheme I 
posted to the coderpunks and cypherpunks lists (among others) a few 
weeks ago under the title "Kill the RIAA: a protocol."

http://www.inet-one.com/cypherpunks/dir.2000.07.24-2000.07.30/msg00387.html

Since that post, I've set up a weblog to track the development of the 
protocol and related voluntary payment issues, and just tonight I 
finished the first draft of the cryptographic protocol which enables 
Tipster's authenticated connection mechanism.

I would appreciate feedback.

http://tipster.weblogs.com

Thanks in advance.

-Jeff
-- 
--
|Jeff Kandt |  "When cryptography is outlawed, bayl bhgynjf  |
|[EMAIL PROTECTED] |   jvyy unir cevinpl!"  -Brad Templeton of ClariNet |
|[PGP Pub key: http://pgp.ai.mit.edu/pks/lookup?op=getsearch=0x6CE51904 |
|  or send a message with the subject "send pgp key"]|
--