Hollywood Hackers

Anonymous cripto at ecn.org
Wed Jul 31 06:49:09 PDT 2002


On Tue, 30 Jul 2002 20:51:24 -0700, you wrote:
> When we approve a file, all the people who approved it already get
> added to our trust list, thus helping us select files, and we are
> told that so and so got added to our list of people who recommend
> good files.  This gives people an incentive to rate files, since
> rating files gives them the ability to take advantage of other
> people's ratings.
>
> If one discommends a file, those who discommend it are added to
> our trust list, and those who commended it to our distrust list.
> If, as will frequently happen, there is a conflict, we are told
> that so and so commended so many files we like, and so many files
> we dislike, so how should future commendations and
> discommendations from him be handled.

Such an approach suffers from the "bad guy" occasionally signing a good file, thus placing himself 
on the trusted signer list.

A better approach is for the downloader to create his own trusted list, along the lines of PGP web 
of trust. Ideal for exactly this application. The downloader can add and subtract from the trusted 
signer list at will, with no central control. Since one must expect some trusted signers to get 
busted and move to the dark side under court order, such downloader control is necessary.

Problematic is that mp3 and other compression processes do not generate bit-identical files. Two 
perfect mp3 files may have different md5 hashes, for example. A tool for making bit-identical mp3 
files from the same digital input is needed, so that a single signed hash can verify the same file 
from multiple origins.
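
Added example, not part of the original post: a small Python model of the two trust-list designs discussed in this message, showing how a rater who commends one good file ends up trusted under the quoted scheme but not under a downloader-managed list. The rater names, class names and sample files are constructed for illustration.

```python
import hashlib

# Constructed sample data: hashes of two files and who commended each one.
GOOD = hashlib.sha256(b"constructed good file").hexdigest()
BAD = hashlib.sha256(b"constructed mislabeled file").hexdigest()
COMMENDATIONS = {
    GOOD: {"alice", "bob", "mallory"},  # mallory commends one good file
    BAD: {"mallory"},                   # and is the only one commending the bad one
}


class AutoTrustList:
    """Quoted scheme: approving a file trusts everyone who already approved it."""

    def __init__(self, signers=()):
        self.trusted = set(signers)

    def approve(self, file_hash):
        # Every earlier approver of this file is added automatically.
        self.trusted |= COMMENDATIONS.get(file_hash, set())

    def recommended(self, file_hash):
        # A file is recommended if any trusted rater commended it.
        return bool(self.trusted & COMMENDATIONS.get(file_hash, set()))


class DownloaderTrustList(AutoTrustList):
    """Reply's scheme: only the downloader adds or removes signers."""

    def approve(self, file_hash):
        pass  # approving a file never changes who is trusted

    def add(self, signer):
        self.trusted.add(signer)

    def remove(self, signer):
        # Used when a previously trusted signer can no longer be relied on.
        self.trusted.discard(signer)


def bad_file_recommended(trust_list):
    """Approve the good file, then ask whether the bad file is recommended."""
    trust_list.approve(GOOD)
    return trust_list.recommended(BAD)


if __name__ == "__main__":
    print("auto list recommends bad file:", bad_file_recommended(AutoTrustList()))
    print("downloader list recommends bad file:",
          bad_file_recommended(DownloaderTrustList({"alice"})))
```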




