On Fri, 9 Aug 2002, AARG!Anonymous wrote: < ... />
Not discussed in the article is the technical question of how this can possibly work. If you issue a digital certificate on some Gnutella client, what stops a different client, an unauthorized client, from pretending to be the legitimate one? This is especially acute if the authorized client is open source, as then anyone can see the cert, see exactly what the client does with it, and merely copy that behavior.
If only there were a technology in which clients could verify and yes, even trust, each other remotely. Some way in which a digital certificate on a program could actually be verified, perhaps by some kind of remote, trusted hardware device. This way you could know that a remote system was actually running a well-behaved client before admitting it to the net. This would protect Gnutella from not only the kind of opportunistic misbehavior seen today, but the future floods, attacks and DOSing which will be launched in earnest once the content companies get serious about taking this network down.
There are many solutions at the level of "technical protocols" that solve the projection of these problems down to the low dimensional subspace of "technical problems". Some of these "technical protocols" will be part of a full system which accomplishes the desired ends. Please contact me off-list if you willing to spend some money for an implementation. Your claim, if true, would also demonstrate that no credit card payments over the Net, no apt-get style updating, no Paypal-like system, no crypto time-stamp system, etc., can exist today.
If only... Luckily the cypherpunks are doing all they can to make sure that no such technology ever exists. They will protect us from being able to extend trust across the network. They will make sure that any open network like Gnutella must forever face the challenge of rogue clients. They will make sure that open source systems are especially vulnerable to rogues, helping to drive these projects into closed source form.
Be sure and send a note to the Gnutella people reminding them of all you're doing for them, okay, Lucky?
AARG!, this is again unworthy of you. You are capable of attempting to confuse and misdirect at a higher level. You might wish to emphasize that the real difficulties are at the levels where the reasons for the small usage of GNUPG lie. That really the "technical" details of the TCPA/Palladium system hardly matter. What TCPA/Palladium will allow is the provision to the masses of even more powerful brews of fantasy, game playing, advertising, etc.. And that there will be a small number of hobbyists who use the "unprotected ports of TCPA/Palladium" for their own limited experiments/amusements/etc.. The real point of TCPA/Palladium is that a "locus of trust", seemingly guaranteed by the Powers That Be, will be created, and that the existence of this same locus, under the facies of "locus of dealmaking/lawyering", will so reassure the Infotainment Arm of the Englobulators that the Arm will unleash its extraordinary forces to build and sell ever more entrancing Palaces of Dreams. The "unprotected ports" will allow a mostly self-supporting farm team system which will function without much direct oversight and little outlay of money by Englobulator Central or any of the Arms. The limited freedom of the Farm System, with its convenient pull strings, for the cases where something large and not controlled by Those Who Know Best takes off, will be a powerful lure to up and coming future Talent, who, when the time comes, may be Signed, without today's confusing and annoying possibility of continued independence. Indeed, the EULA of every system might have a section which binds users who display Marketable Things to an automatic Arbitration of Contract. oo--JS.