[p2p-hackers] Identity Crisis: Anonymity vs Reputation in P2P Systems

Sam Joseph sam at neurogrid.com
Fri Mar 19 03:30:52 UTC 2004 

Hi Wes,

Wes Felter wrote:

> On Mar 18, 2004, at 1:01 PM, Sam Joseph wrote:
>
>> Interestingly they use metadata to mediate their concept of authenticity
>
> What is interesting to me is that the stuff about metadata and 
> authenticity is pretty much irrelevant to the paper. If the receiver 
> of the file used arbitrary criteria to decide whether the file is good 
> or bad, the results would have been similar AFAICT. 

I'm not quite sure what you mean by arbitrary criteria.  Like deciding 
whether the file was good or bad depending on the file length?  If they 
used arbitrary criteria then mailiciously provided files would be 
accepted by the user.  i.e. they'd open what they thought was some 
helpful software, and find it was a worm or something.

In order to actually implement the system you would have to have some 
sort of authentication server and some approach to handling the meta-data.

I think the interest comes from what type of meta-data you are using.  
If your meta-data was a file hash, then you could check the integrity of 
the file without having to go to some central authenticator. You'd have 
a computational cost instead.

I think you could argue that meta-data was irrelevant to the paper's 
results since authentication could be achieved by submitting a 
downloaded file along with your serach criteria to some authority 
(although I think the meta-data example makes it easier to understand 
the problem they are looking at).  However authentication seems to be 
very strongly related to what the paper is about.  Not the process of 
authentication necessarily, but the cost associated with it. 

And if we are seeing the results of the costs of authenticity in the 
paper, then this raises the question of what types of meta-data to use, 
e.g. if we say that in order for good performance we need a centrally 
managed login, then systems which wanted to be totally decentralised 
might restrict authentication to locally authenticable file-hashes.

CHEERS> SAM

More information about the P2p-hackers mailing list