[cap-talk] Simple Cooperative File Sharing (SCoopFS), the "F" is silent
Karp, Alan H
alan.karp at hp.com
Mon Mar 9 18:54:01 EDT 2009
James A. Donald wrote:
> The system relies on email to provide human memorable,
> globally unique, designations. These are used for the
> initial contact to set up secure Zooko type webkey
> designations. Thereafter, everything is secure, thanks
> to a buddy list based on Zooko's triangle, and email
> designations no longer necessary or used.
Not necessarily email, but that's the most common.
> But translation between email and Zooko, setting up
> buddies, is both a security burden on users, and a
> source of security weakness.
Correct. Fortunately, having the fingerprint of the server's public key in the domain name lets us use the telephone to verify that there's no man in the middle.
> Further, though in an email based world we need to start
> from email, we really want to have in sight a world with
> no more email.
I wouldn't go that far. Email is convenient for the legitimate "unexpected sender," such as the old college buddy or the call for papers. Some people must even like spam, or they wouldn't be buying all those male enhancement products.
> If people are already on the system, they could get new
> buddies from multiple recipients on a message, but we
> really want a way to add new buddies from an out of band
> communication. At present this is done by communicating
> an email address out of band.
Exactly. Our intention is to implement the introduction protocol, but we didn't get to it, which is why the CC and BCC buttons are disabled. Still, there will always be a need to make new connections between disjoint subgraphs.
> 1. a way to refer to entities by their Zooko id, so
> that petnames in messages between buddies appear as
> hyperlinks with anchor text expressed as the local
I don't understand this proposal. Are you saying we should examine the body of the message for petnames? What would you do with something like, "Alan told me that a friend named his son Alan."
> 2. a way to perform initial communications with non
> buddies, so that one can add buddies to the system based
> on out of band communication using humanly manageable
> bandwidth independent of the email name system.
The webkey used to create a new connection is pure data and can be communicated any way you like. For example, I used a USB drive to move the webkey between my work and home machines.
> A Zooko/webkey based system must start in a world where
> email and therefore email designations are pervasive,
> but should aim for a world in which email is no more.
A bit extreme for my taste, but I guess you and I don't have to inhabit the same world.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk