RE: Announcing Droplets Tyler Close (
Tue, 28 Sep 1999 20:05:47 -0400

> Very cool!! Congratulations Tyler!!!!

Thanks Mark. That means a lot coming from you.

> >Since ERTP supports
> >secure anonymous transactions, Droplets might be
> the only currently deployed
> >software that supports blind transactions.
> I think I understand what Tyler means here, but
> let's be careful. Within
> ERTP, someone can supply an Issuer that provides
> for blinded
> transfer. When a client of ERTP performs a
> rights transfer
> (Assay.transfer()), if the Assay is from such an
> Issuer, then the client
> will cause the Assay to perform a blinded
> transfer. The same client, given
> a non-blinding Assay, will perform a non-blinded transfer.

So, if I had a com.waterken.sea.currency.Currency purse containing the rights to some e-gold, could I not anonymously transfer those into someone else's purse, using only the cap for the other purse.

I don't know who else has the cap for that purse. The receiver doesn't know who added to their purse. Is this not double blind?

> I very much appreciate this, and think it's
> correct. However, I have to
> quibble with an implication of the last sentence.
> As MarcS's echat and
> edesk applications show, E is already up to
> allowing programmers to deploy
> capability based solutions as well.

True. Having used echat, I know you can make applications with E. Sorry, MarcS.

I guess I was more getting at the fact that Droplets doesn't require any download to deploy, is already persistent and has a finalized API.

> Btw, in enumerating the capability security
> issues E addresses but Droplets
> don't, the most important is the issue of
> multiple TCBs vs shared trust in
> a single TCB.

Does this fall under the blanket statement of "Confinement is not supported."? If not, then I don't fully understand the issue. Please elaborate.

> Sorry, but E requires a persistence solution
> that's adequate, open-source,
> and free. Without one, E will simply die.

I disagree that it needs to be open-source and free. But if that's your decision, I accept that.

I was hoping that it would be enough that it used an Open Source persistence interface that could be implemented by Open Source or commercial code. Given the complexities of persistent storage, having the possibility of many implementations would be a good thing.

> Btw, you and I have already privately talked
> about another form of
> compensation. That offer is still on the table.

I know, and I am still considering it. I just wanted to see how others would react to the idea of a commercial Vat. I think it's a good idea. I find it hard to believe I am alone.

> However, please remember that the ideas
> you are being inspired by,
> the ideas embodied in E, are the result of
> contributions from a great many
> people. I hope the attributions on the erights
> home page begins to spread
> this gratitude around appropriately.

I've tried to recognize this through the history section on the Droplet Security page.

No has reviewed this section. I would appreciate any comments on it that you may have.