Re: Your source code, for sale
Ben Laurie made a lot of useful points. However,...
Simultaneous release is (provably?) impossible without a trusted third party.
I don't think I believe this. Or at least, I don't think it's true to the extent necessary to make the original application impossible.

Consider: I send you money for naked photos of Geri Ryan (that Borg chick with the ASS-KICKING hips). The money is "encapsulated"...you can see it's there, but you can't get at it. You send me encapsulated photos, perhaps with thumbnails on the outside. I see the thumbnails and click to send the pre-release. You see the pre-release arrive and click the release for the photos. My photo-bundle receives the releases and opens, and then shoots off a message that activates the pre-release on your end, giving you the cash.

Is a 3rd party necessary here? I don't see it, but then again I could be wrong.

-TD
On Fri, 05 Nov 2004 10:01:41 -0500, Tyler Durden <camera_lumina@hotmail.com> wrote:
... My photo-bundle receives the releases and opens, and then shoots off a message that activates the pre-release on your end, giving you the cash.
Is a 3rd party necessary here? I don't see it, but then again I could be wrong.
What if I block the outbound "release the money" message after I unbundle the images? Sure, I've already committed my money, but you can't get to it. In effect I've just ripped you off, because I have usable product and you don't have usable money.

The proof of delivery comes in handy here, so that as soon as I can prove to the bank that my product has arrived within your administrative area, they'll pay me. And the bank sends me a key to unlock the product as soon as it sends you the money.

And what *GUARANTEE* do I have that the blob of bits you sent me with the Geri Ryan photos on the outside isn't something from goatse.cx or tubgirl...?

Let's say there are 24000 items in the tarball of the IOS code. Do you want to pay $24K for all of them (once) or $12K for half of them (twice) or $1 per file or directory (24000 times)? Do you want to pay per committed bit or character? How can you protect yourself from me committing to sell you /dev/random?

I'm sure everyone has this bit committed to memory, but the beginning of Applied Crypto, chapter 2 says:

=============================================
Protocols have other characteristics as well:
-- Everyone involved in the protocol must know the protocol and all of the steps to follow in advance.
-- Everyone involved in the protocol must agree to follow it.
-- The protocol must be unambiguous; each step must be well defined and there must be no chance of a misunderstanding.
-- The protocol must be complete; there must be a specified action for every possible situation.
...
The whole point of using cryptography in a protocol is to prevent or detect eavesdropping and cheating.
=============================================

That last property is critical: what does the protocol do when someone isn't playing by the rules? Of course, there's nothing that crypto can do to prevent you from selling me garbage, only the fact that you intentionally did so can be proven.

Comment about bribing the dockside worker at the shipping line deleted.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
participants (2): Chris Kuethe, Tyler Durden
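
As an added illustration (not part of either message in the thread), this sketch simulates the two-party scheme from the first message with its final message blocked, next to the bank-mediated variant from the reply. The toy cipher, the `Bank` class and the modelling of proof of delivery as a hash of the received bundle are assumptions made for the example.

```python
import hashlib
import secrets

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream standing in for 'encapsulation'; not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def two_party(product: bytes, buyer_blocks_last_message: bool) -> dict:
    """Scheme from the first message: the buyer's bundle opens, then signals the payout."""
    key = secrets.token_bytes(32)
    bundle = xor_stream(key, product)   # seller -> buyer, still sealed
    opened = xor_stream(key, bundle)    # seller's release arrives, bundle opens
    # The payout depends on a message sent from the buyer's own machine.
    return {"buyer_has_product": opened == product,
            "seller_paid": not buyer_blocks_last_message}

class Bank:
    """Third party from the reply: holds money and key, releases both in one step."""
    def __init__(self, price: int):
        self.price, self.escrow, self.key, self.commitment = price, 0, None, None

    def deposit(self, amount: int) -> None:                  # buyer commits money
        self.escrow += amount

    def register(self, key: bytes, bundle: bytes) -> None:   # seller commits key + hash
        self.key, self.commitment = key, hashlib.sha256(bundle).hexdigest()

    def settle(self, delivered_hash: str):
        """Pay the seller and hand the buyer the key together, or do neither."""
        if self.escrow < self.price or delivered_hash != self.commitment:
            return None
        self.escrow -= self.price
        return {"to_seller": self.price, "to_buyer": self.key}

def with_bank(product: bytes, price: int = 100) -> dict:
    key = secrets.token_bytes(32)
    bundle = xor_stream(key, product)
    bank = Bank(price)
    bank.deposit(price)
    bank.register(key, bundle)
    # Assumption: proof of delivery is the hash of the bundle as received.
    receipt = hashlib.sha256(bundle).hexdigest()
    result = bank.settle(receipt)
    opened = xor_stream(result["to_buyer"], bundle)
    # The commitment ties the seller to exactly these bytes, garbage or not.
    return {"buyer_has_product": opened == product,
            "seller_paid": result["to_seller"] == price,
            "seller_bound_to_bundle": bank.commitment == receipt}
```

The bank variant still pays out when `product` is random bytes; the registered commitment only records which bytes the seller stood behind.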