On Thursday 07 May 2009 21:39:38 Matthew Toseland wrote: > As a parallel option for introduction, a hashcash-protected global > announcement queue? > > Say KSK,23 at blah is a KSK protected by hashcash (this key type is > implementible, the catch is that you may get a collision and then you have > to find another slot and recompute). > > Then as an opt-in, and with a configurable hashcash strength, WoT nodes > could poll a single global introduction queue. They would announce which > strength queues they poll. > > This would ensure that everyone who wants to can see every new identity as > it is announced, and form their own opinion of it. > > When it gets spammed, the hash strength can be increased. Obviously > hashcash is not a real solution on its own. > > Would this satisfy the anti-WoT-censorship folk, or at least appease them > to some degree? > > Also, it would cut the time taken to get announced: once the hashcash is > solved and the key posted, we don't need to wait 24 hours for an > acknowledgement.
The user won't notice any drawback when using it the first time except that it will take 1 day until he receives answers to his posts - which is normal on forums sometimes. I will design the UI in a way which notifies the user that he needs to solve captchas but does not prevent him from using the system if he has not done so yet. > Drawbacks: > - Excludes users with slow systems. > - Limited deterrent to a determined attacker. > - Might need native hashcash cracking libraries? OTOH the hashes are > implemented in native code anyway by the JVM, so maybe not. > > Advantages: > - With the current system, if an identity is marked as spam early on, many > people won't see it. Whereas if you can announce to a large number of > people at once, and have each evaluate your posts individually, this may > avoid some of the effects the anti-wot-censorship lobby are complaining > about. - Useful emergency fallback should the captchas be broken. > > Sensible? Stupid? Really, to me hashcash seems as shortsighted as the early computer games which did not use the timer chip for timing but some fixed constants based on what the average PC clock rate was back then. It was never possible to play them with a decent speed, either they ran way too slow or with modern hardware they run so fast that you cannot play them at all without artificially slowing your PC down. We will NEVER find any satisfying value of how much computation time a hashcash key would need, especially if we consider the fact that PCs have been too fast for desktop use for like 6-7 years and many people are still running the early models which are "fast enough" but new users have machines which are 100x as fast. Hashcash does not work, it's stupid, yes :( > Also, what about an option for ignoring the WoT's opinion until a newbie > has posted at least N messages, or M time has elapsed? Sounds like a better idea than hash cash. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090507/e8dcc433/attachment.pgp>
