-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:10 PM -0700 4/24/03, Bill Stewart wrote:
Hettinga would probably contend that the first-use model is much cheaper and more efficient, because it avoids the costs of creating and tracking user identities and tieing it to the world in book-entry fashion.
Actually, I prefer a first-use model *with* something like "identity" checking, kind of a belt-and-braces approach. When someone pops up with a double-spent coin, the mint can say "nope, can't honor it, here's the key that double spent it, though; have fun." OTOH, as a financial intermediary, the underwriter would make absolutely *no* effort to keep track of who had what key, at all. The whole process would rather tartly teach people *never* to take offline transactions, and, more to the point, reject transactions from a given double-spending key *if* that key ever comes around again. But, as I've noted before, all this haggling about amateur protocol design is, frankly, a waste of time. Folks (meaning people who write code) have *had* the protocols, for years now, at least three protocols that most people would trust to use for unity-tested transactions above, say, a quarter: Chaum, Brands, and Wagner, and, on a prima facie basis, Wagner's unencumbered by patent, which makes it first in line for experimental use. And, as you noted, Bill, the trick is the business model, and that's been figured out for at least 4 or 5 years as well :-). That is, plug them into an accepted book-entry reserve-value/ transaction execution - - -clearing -settlement system, like one of the digital gold currency systems, or PayPal, or ATM/ACH, or a central securities depository system on the back end, front-end a mint to the web and a decent internet-level transaction-exchange protocol, and see what happens. Folks are fairly close to being able to do that now, from the way *all* of those book-entry transaction systems have grown themselves into the net over the past 5 years or so, *including* the central securities depositories and clearinghouses. Even PayPal has loosened up their end-user agreement within the last two months or so for what looks like gold-currency exchange providers. Certainly John Muller, their Corporate Counsel, is completely familiar with those internet bearer transaction protocols and what they can do, so when someone walks in the door there with something that is at least as secure as their system is, it'll probably get a polite hearing. You can certainly bet their management, much less their tech people, knows about the financial cryptography and network security issues. As far as the digital gold currencies themselves are concerned, people can pretty much do something now, with not too much of a push, because at least two gold currency operators that I know of, GoldMoney and e-Gold, have both actively encouraged people's efforts to make that happen. As Patrick McCuller (the other Patrick :-)) chugs along with the code for Lucrative, it won't take too much to plug a Wagner mint into the shopping-cart interface of an existing value-exchange system like GoldMoney or e-Gold, which Patrick has already worked on doing, and hang out one's underwriting shingle to see what happens. BTW, kudos to Lucky for volunteering a box for Patrick to test Lucrative on so this can happen faster. It's going to get interesting, folks, and pretty soon, I think. It'll be nice to see if the economics of all of this is going to actually work, finally. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqjWsMPxH8jf3ohaEQJdngCg5bhcubb4ljjgJW9cRrCW0LR8bEkAnRwb bBFdyOhO3Q7Q5aDfMK5Qkke4 =kZMS -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'