[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Eternity Services
My comments below are not meant to cast doubt on Ryan Lackey's scheme, but
just to raise some questions.
I am surprised, I have to admit, that Ryan is talking so much about raising
money, getting investors, etc., when no _working model_ of his scheme has
been deployed for people to play with, find weaknesses in, etc.
(In comparison to, say, remailers, which have existed for more than five
years now, with literally thousands of articles--some good, some
bad--written about them in all of their various facets. Even specialized
lists for remailer operators, Mixmaster-type remailers, etc. And yet there
have been no serious calls for investors to pour money in.)
Frankly, in reading Ryan's summary, including assertions like "In my
system, no one knows (ideally) who is actually storing the data, only those
on the edges of the system (who will hopefully only be known by a logical
address)," I find no real discussion of the *core idea*, the _reason_ his
data base is in fact secure.
(I apologize if a full discussion is contained in his earlier documents.
Even if his earlier documents had a fuller description, there has certainly
been an almost complete lack of discussion of his system here in
Cypherpunks. Given the additional complexitities an Eternity type data base
has over something as conceptually simple as a remailer, the lack of
discussion is not confidence-inspiring that Ryan somehow got it all
Anyway, I can think of all sort of threat models, and ways of (maybe)
attacking any system of linked machines I can think of, except ones using
message pools (which is why I'm biased in favor of Blacknet, I suppose).
(The motivation for Blacknet was to a) demonstrate message pools, b) show
that anyone could be a node, c) build a system where the links between
nodes are all of the traffic in "speech space," and that so long as
encrypted messages could be posted in speech space (Usenet, boards, etc.),
then the system could not be shut down. Basically, to stop Blacknet one
would have to ban remailers in all jurisdictions, or ban speech coming from
certain jurisdictions. Otherwise, it's too distributed to stop.)
(Note: But Blacknet has long latency, derived from its "speech"
underpinnings. There is the temptation to go to faster links, to move away
from speech space into traditional network links. But this reduces the
number of nodes and links, and makes an attack on the reduced-but-faster
network no longer equivalent to interfering with free speech. A
technological win but a political lose.)
Until we see a mathematical model--forget the details of implementation,
the epiphenomenal stuff about Oracle, AOLServer, Alphas, and K6s!--of how N
distributed nodes store incoming files in such a way that the goals of
Eternity can be satisfied...
(And we need to discuss in more detail just what the goals can
realistically, and economically, be.)
There are a bunch of issues which come up, motivated by Ryan's comments
that he already has the design of a file system in mind:
- why won't all machines in the network in Country A simply be shut down,
regardless of whether the Authorities can prove which machine in particular
is storing the banned material?
After all, when a kiddie porn ring has its computers seized, the
Authorities don't necessarily have to prove exactly which disk sector (or
even which disk drive) is storing a file...they can either seize the lot,
and prosecute successfully, that the ensemble was the nexus, or
instrumentality of the crime.
To paraphrase Sun, "the network _is_ the crime."
- given the problems remailer networks have to deal with, with traffic
analysis and correlation analysis (an area we have alluded to but not done
serious work on), why would not the same methods be applicable to tracking
movements through the system Ryan is apparently proposing?
(I believe a 20 MB child porn video MPEG sent into the Eternity network
would leave "footprints" an analyst or watcher could track. I am willing to
be show the error of my ways, but only with some calculations of diffusion
entropy, for example.)
- In short, I want to see some simple descriptions of WHAT IS GOING ON.
It has always been very easy for us to describe how networks of remailers
work--so simple that at the very first Cypherpunks meeting in '92 we played
the "crypto anarchy game" with envelope-based remailers, message pools,
digital cash, escrow, etc. (Running this simulation took several hours, but
taught us a lot.)
I'd like to know how Eternity DDS _works_. Then we can start mounting
attacks on it: spoofing attacks, denial of service attacks, and attacks
assuming various levels of observability into the network linking the nodes.
Until then, I think it's a waste of time and money to be coding a detailed
implementation of a protocol.
(And it may _still_ be a waste of money, even after the protocol is beat
upon thoroughly. There is no clear market for such a service, and not even
for remailers. And maybe not even for PGP, in terms of paying customers
sufficient to pay the bills. Not to criticize PGP, just noting the obvious,
the same obvious situation that seems to be the case with digital cash.
Great idea, but where are the customers?)
The Feds have shown their hand: they want a ban on domestic cryptography
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^2,976,221 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."