On Tue, 30 Jul 2002 20:51:24 -0700, you wrote:
When we approve a file, all the people who approved it already get added to our trust list, thus helping us select files, and we are told that so and so got added to our list of people who recommend good files. This gives people an incentive to rate files, since rating files gives them the ability to take advantage of other people's ratings.
If one discommends a file, those who discommend it are added to our trust list, and those who commended it to our distrust list. If, as will frequently happen, there is a conflict, we are told that so and so commended so many files we like, and so many files we dislike, so how should future commendations and discommendations from him be handled.
Such an approach suffers from the "bad guy" occasionally signing a good file, thus placing himself on the trusted signer list. A better approach is for the downloader to create his own trusted list, along the lines of PGP web of trust. Ideal for exactly this application. The downloader can add and subtract from the trusted signer list at will, with no central control. Since one must expect some trusted signers to get busted and move to the dark side under court order, such downloader control is necessary.
Problematic is that mp3 and other compression processes do not generate bit-identical files. Two perfect mp3 files may have different md5 hashes, for example. A tool for making bit-identical mp3 files from the same digital input is needed, so that a single signed hash can verify the same file from multiple origins.
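The two approaches in this exchange, modelled side by side as an added example (not code from either poster): signers are tallied automatically by agreement with our own ratings, and a downloader-maintained list overrides that tally. The class name, method names and signer names are hypothetical, and the ratings are constructed.

```python
class TrustLedger:
    """Hypothetical model: per-signer tallies plus a downloader-controlled override."""

    def __init__(self):
        self.agree = {}     # signer -> count of ratings matching ours
        self.disagree = {}  # signer -> count of ratings opposing ours
        self.pinned = {}    # signer -> True/False, set only by the downloader

    def record(self, our_verdict, ratings):
        """our_verdict: True if we commend the file. ratings: {signer: bool}."""
        for signer, verdict in ratings.items():
            tally = self.agree if verdict == our_verdict else self.disagree
            tally[signer] = tally.get(signer, 0) + 1

    def auto_status(self, signer):
        """Status under the automatic scheme from the quoted message."""
        a, d = self.agree.get(signer, 0), self.disagree.get(signer, 0)
        if a and d:
            return f"conflict: {a} liked, {d} disliked"
        if a:
            return "trusted"
        return "distrusted" if d else "unknown"

    def pin(self, signer, trusted):
        """Downloader adds a signer to the trusted or distrusted list."""
        self.pinned[signer] = trusted

    def unpin(self, signer):
        """Downloader withdraws an explicit decision; the tally applies again."""
        self.pinned.pop(signer, None)

    def status(self, signer):
        """The downloader's explicit decision wins over the automatic tally."""
        if signer in self.pinned:
            return "trusted" if self.pinned[signer] else "distrusted"
        return self.auto_status(signer)


def demo():
    ledger = TrustLedger()
    # Constructed ratings: mallory commends one good file, then a bad one.
    ledger.record(True, {"alice": True, "mallory": True})
    after_good = ledger.auto_status("mallory")
    ledger.record(False, {"alice": False, "mallory": True})
    after_bad = ledger.auto_status("mallory")
    ledger.pin("mallory", False)  # downloader removes mallory at will
    return after_good, after_bad, ledger.status("mallory"), ledger.status("alice")
```

After a single agreeing rating the automatic scheme already reports mallory as trusted, which is the weakness the reply points out; the pinned entry is the downloader-controlled list.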