[cap-talk] mailkey: transfer of accountability. Is this broken ?? should I start from scratch/horton ?

Thu May 31 17:40:30 EDT 2007

Rob Meijer wrote:
> After reading the horton paper, I have been trying to find out
> if and how the alternative protocol I designed for the mailkey
> anti spam project to take care of transfer of accountability are
> broken or not. I posted on this before, but as noone replied
> either possitively or negatively I am stuck with the uncertainty
> and do not realy dare to proceed on implementing it now.
> 
> I will try to rephrase my mailkey project so it would more fit
> OC and the horton alternative.
> 
> We start off with Alice having 5 references:
> 
> Alice -> AB1 -> Bob
> Alice -> AB2 -> Bob
> Alice -> AC1 -> Carol
> Alice -> AC2 -> Carol
> Alice -> Mediator
> 
> When Alice wants to introduce Bob and Carol she sends a message
> to Mediator:
> 
> Alice -> Mediator("introduce",AB2,"bob",AC2,"carol");
> 
> Mediator on receiving this message forwards the message to both
> its arguments, and both get forwarded to :
> 
> Mediator -> AB2("intro1",AC2,"carol")
> Mediator -> AC2("intro1",AB2,"bob")
> 
> As a result of these actions both AB2 and AC2 clone themselves
> into respectively AB3 and AC3.
> 
> After this, both AB2 and AC2 generate new messages:
> 
> AB2->AC2("intro2",AB3)
> AC2->AB2("intro2",AC3)
> 
> Now the intoduction gets finaly forwarded to Bob and Carol:
> 
> AB2->Bob("introduction",AB2,AC3,"carol")
> AC2->Bob("introduction",AC2,AB3,"bob")
> 
>>From the point where either "intro1" or "intro2" is received,
> AB2/AC2 stop forwarding to Bob and Carol respectively.
> 
> It may be important to note that in my concrete case, the mediator
> being used is internet e-mail combined with To and Cc mail headers, and
> all references in my case contain the full forgable e-mail addresses of
> the parties involved.
> 
>>From earlier mail on the list I get the feeling there should be something
> broken in this protocol, but I can't put my finger on what this would be,
> or
> if my special case for e-mail addresses may actualy be one special case
> that isn't broken while the general OC usage of the protocol would be.
> 
> I am realy interested to know if I am completely on a wong track here and
> should thus just throw away my design and start from scratch (with horton
> as a guideline), or if I could continue and start implementing the above.

I examined your approach, and it seemed pretty good to me, but I am no 
expert.

I suspect that Horton is in danger of disappearing up its own fundament 
- that it is losing contact with real world issues.  This, of course, 
may well be an indication of how ignorant I am about how to structure 
capabilities.  Seems to me that some of the things that Horton is 
attempting to do probably cannot be done, or even very clearly defined, 
with the result that it grows without limit in complexity, and declines 
without limit in comprehensibility.

This could, of course, merely be the incomprehension of the non expert 
denigrating the expert, but the fundamental problem is that 
"responsibility" cannot be everywhere well defined or adequately 
tracked, and so attempts to do so are likely to get us into bottomless mud.