At 10:59 PM -0400 8/20/2000, Jeff Kandt wrote:
>...
>Tipster allows the artist to revoke any given key with a revocation 
>certificate.  By allowing the artist to encode multiple 
>URL/signature pairs onto the file, they can set up multiple, 
>redundant revenue streams, and you encourage competition among 
>service providers.  The ability to revoke individual server keys 
>means that the artist can cut off any service provider for any 
>reason without interrupting the revenue stream.
>
>Of course, revocation certs will have to be kept in a central 
>location, but that can be arranged.

Certificate revocation is one of the thorniest issues in public key 
cryptography. Maybe you can solve it in this narrow context, but I 
would avoid it if there is another way and I believe there is.

>
>>Under your scheme, each user will need a payment client or an MP3 
>>player that includes a payment feature. It would make more sense to 
>>have just the artist's URL included with the content and create a 
>>protocol to let the payment client download a list of servers from 
>>the artist's site.
>
>If you're going to include a URL with the content, you need 
>something which will parse the file and read that URL.  And if 
>you're writing new code anyway, why not put in some crypto to give 
>the fan some feeling of security (that they're paying the right 
>person).  As a bonus we end up empowering the musicians to an 
>unprecedented degree.

The phrase "why not put in some crypto to give the fan some feeling 
of security" really gets my fur up.  There is no reason not to design 
a system that really works.  I support your overall goal, but you 
will severely damage your credibility and the credibility of 
voluntary payment models in general by abusing crypto in this way.

>>...
>>The recording industry is not that stupid. They can see the threat 
>>almost as clearly as you can. Napster woke them up and they have plenty 
>>of lawyers.  Expect any voluntary payment system to be sued.
>
>Please.  On what grounds, counselor?

Get some lawyers on your team and ask them to look at what you are 
doing from the recording industry's perspective. Also ask what a 
defense will cost if you are sued.

>
>(While I enjoy arguing these philosophical and economic points, 
>these lists (esp. [EMAIL PROTECTED]) probably aren't the best 
>place for it.  I invite you, and anyone else who's interested in 
>these issues, to http://tipster.weblogs.com where we have a 
>discussion group intended for just this sort of debate.)
>

Thanks for the invitation. I think I've said my piece on the 
philosophy. If you want a critique of your cryptographic design (and 
are prepared to listen) I prefer a forum where other cryptographers 
are present.

Arnold Reinhold
