On Sun, 13 May 2001 17:57:44 -0700 "Josh" <[EMAIL PROTECTED]> writes:
> My system IS designed to protect freedom of speech.
> Actually, my goal is to "make a global file system that's impervious to the
> NSA."
> So yes, freedom of speech is very important to me. In fact, if my dream
> becomes a reality, there will be unique challenges that the (central
> security) organization must deal with. I expect China to be a much more
> difficult case to deal with than America, because we are so used to having
> freedom of speech. So I'm already aware of all the issues we will have to
> deal with. That alone is a discussion in itself, but it will be democratic
> and realistic.
>
> The method is a bit different than yours, but the results are the same. I've
> designed a separate system, out of necessity, called UNI-ID, for UNIversal
> IDentification. In fact, the security portion was the last part that I
> designed, and I found myself with a unique challenge. In order for the
> encryption and authentication features to work, there must be a way of
> uniquely identifying end users and servers, and authenticating them. Often,
> security requirements will kill an otherwise good design. The location
> independence dictates security: If I can get www.cnn.com's files from my
> neighbor, I must have a way of authenticating them, otherwise my neighbor
> can produce false files, thereby rendering the location independence
> useless.

This is achieved with SSKs, isn't it?  Only the owner of that particular
subspace can create content on it, right?  And what about PGP?

>
> This is where the authentication system comes into play. It's also the
> public key authority.
> I can tell you from experience, because I've been researching the same
> thing, "distributed security" is an oxymoron. Only a single security
> authority can make a global file system work. Respecting people's right to
> privacy is something that will be built into the bylaws of the non-profit
> foundation which will run UNI-ID. I expect us to have a working relationship
> with the Secret Service, FBI, Customs, and all the same agencies of the
> foreign governments. I hope to use a "virtual law firm" model, where end
> users may or may not choose to sign power of attorney to us. From law
> enforcement's perspective, you must have a good case with good evidence
> before you ask us to

But law enforcement organizations are inherently very much against
Freenet-like interfaces and very much pro-censorship.  How could you hope
to appease them while also protecting users?

>
> I want to go into more details about the security, but you really need to
> see the design to understand it.
> Basically, it's pseudo-anonymous. Your account acts as an email forward
> service, so the world can contact you, if you choose. But UNI-ID does not
> contain enough information to identify the end user. If law enforcement
> demands somebody's identification info, because they threatened the president
> for example, then the info we have will not be enough for them to
> immediately identify the person, only enough to reduce it down to a set
> number of possibilities. Since this email is going out to everyone, I won't
> go on for 10 pages to explain the details.

Hmm.  So instead of giving them an impossible to find target, you are
giving them a merely difficult target to find?  This is not good. Might
as well just tell them everything they want to know.

>
> I've actually invented 2 things, the file system, and the zero-knowledge
> based authentication system.
>
> Ironically, the record industry will probably love this, because I've
> addressed their concerns. Copyrights become a decryption issue with my
> system, and the encryption keys (and security groups) can be obsoleted, so
> once a private key is illegally distributed, it can be obsoleted.

Uh, come again?  How do you use a file without decrypting it?  And once
it's decrypted wouldn't you be able to store it as an unencrypted file,
thus making this obsoletion of encryption keys incapable of helping keep
software and music piracy down?  I mean, really, how does it work?

>
> One of my scenarios is something called "the anywhere pc", and basically it
> shows how somebody can use the internet as "the primary disk", and go to any
> PC connected to the internet and access their same files. The location
> independence allows for this, so does the permanent caching. If you go to a
> new location, such as Kinkos Copies, at first it's slow while your files
> transfer there. But the permanent caching then kicks in, and it's fast from
> that point on. Your files are encrypted, so the local copies are not a
> security risk. Because the internet is the primary disk, if you don't return
> to Kinkos, after time the cached (encrypted) copies will be purged.

I would like this, make it like an NT workstation kind of deal right? 
You just log into any computer in the world and it automatically gives you
secure access to your own files and settings and stuff?  I would like
that. :)

I used to be able to do this kind of thing on the web with desktop.com,
but then they changed everything so that it is now just some stupid web
portal, like netscape.com.  GRRR!!

>
> See, I wrote the scenarios first. I WROTE THEM YEARS AGO, so I could have a
> set target to stay focused on.
> I never thought I'd actually pull it off (haven't yet, but it works on
> paper).
>
> Another scenario is Microsoft Office 2004, which is a native MFS aware
> program. Basically, office runs from URL's at Microsoft, and end users cache
> copies of the application. Only people who bought it have their UNI-ID
> entered into the UNI-ID group which belongs to Microsoft, which is the set
> "owner" of the files, therefore only members of the group can decrypt them.
>
> I have come to an engineering conclusion that a global file system, with my
> features and goals, cannot work without a central security authority. Yet,
> the authority isn't the Achilles heel of the design. The organization will
> have NO access to the data for the users of the file system. We are not big
> brother. However, the organization will manage the anti-virus services (a
> byproduct of the design methods), and will be, more or less, the
> "certificate authority" which will be used by the world to authenticate
> servers and files.  In fact, the design won't work without it.
>
> Current network file systems are nothing more than local file systems,
> stretched across a network. They are not bandwidth aware.
> I even have a feature called Data Stream Interruption. In New York you can
> be downloading a movie from a server in California. Along the way, some of
> the intermediate routers notice that their networks have that movie, and
> they transparently interrupt the data stream, and cancel the stream coming
> from California, thus saving the bandwidth between California and that
> intermediary network.

This is awesome.  It would go a long way to improve Freenet if Freenet
could be aware of just where data is coming from and can interrupt a
stream with a closer or faster system that has the same data. :)

>
> From a bandwidth perspective, and that's my perspective, this file system
> addresses the duplication problem and the wasted bandwidth.

But duplication is a great thing when you think about how vulnerable data
can be to corruption.  If you have data redundancy it protects the data
from being damaged, and the increased data storage is worth it, IMHO.

And Freenet can't function without data redundancy, so your system would
have nothing to do with Freenet.  So, oh well, guess you can't blend the
two systems together.  <shrug>

>
> As for my motivations, it's simple: I want the credit for inventing this. I
> do hope to make money off this, but in an indirect way, just like Linus
> makes money off of Linux.  I know for a fact that I'm sitting on something
> huge, because so many others are working on the same thing. This design will
> empower the entire "store solution provider" business model, and storage
> area networks.
>
> Does anybody remember when a company showed Microsoft how to do native API
> translation for OS/2 2.0? It was in 1990 or 1991.
> Remember what happened? Anybody know networking well enough to agree with me
> that Netware rules, and Microsoft has borrowed a lot of the technology of
> Active Directory? (Banyan invented it anyhow), and Novell will soon die?
>
> I'm doing the patents, because I know Microsoft tried and failed, at the
> same design. I know their history, and I've got the money.
> To not get the patents is stupid, in my opinion.
>
> Remember, I intend to give the design for free, so long as the
> authentication service is used, which will be for a non profit foundation.

So why not go with GNU?!  I still don't get it.
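
The point debated above (a file fetched from an untrusted neighbor must authenticate back to its publisher, which the reply says SSKs provide), as an added example that is not from either poster or from Freenet's code. It assumes a subspace id is the hash of the owner's public key, and uses a Lamport one-time hash signature as a stand-in for a real signature scheme so that only the standard library is needed; all function names are hypothetical.

```python
import hashlib
import secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport key pair: 256 pairs of secrets; public key = their hashes.
    One key may sign ONE message only (stand-in for a reusable scheme)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)
    return sk, pk

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def _msg(name: str, data: bytes) -> bytes:
    # Bind the name to the content so a peer cannot serve a validly
    # signed file under a different name.
    return H(name.encode() + b"\x00" + data)

def sign(sk, name: str, data: bytes) -> bytes:
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(_msg(name, data))))

def verify_from_peer(subspace_id, name, pk, data, sig) -> bool:
    """Accept a file from ANY peer only if it chains back to subspace_id."""
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    if H(pk) != subspace_id:  # peer substituted its own key
        return False
    for i, bit in enumerate(_bits(_msg(name, data))):
        start = i * 64 + bit * 32
        if H(sig[i * 32:(i + 1) * 32]) != pk[start:start + 32]:
            return False
    return True

def demo():
    sk, pk = keygen()
    subspace_id = H(pk)  # the only thing the reader trusts in advance
    data = b"constructed sample: real front page"
    forged = b"constructed sample: forged front page"
    sig = sign(sk, "index.html", data)
    peer_sk, peer_pk = keygen()  # the neighbor's own key
    return {
        "honest": verify_from_peer(subspace_id, "index.html", pk, data, sig),
        "tampered": verify_from_peer(subspace_id, "index.html", pk, forged, sig),
        "own_key": verify_from_peer(subspace_id, "index.html", peer_pk, forged,
                                    sign(peer_sk, "index.html", forged)),
        "renamed": verify_from_peer(subspace_id, "other.html", pk, data, sig),
    }
```

Only the honest copy verifies; where the bytes came from plays no part in the decision, which is what makes location independence safe.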
_______________________________________________
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat