Advogato blog for fen

11 Apr 2001

Wed, 11 Apr 2001 07:57:40 GMT

The RSA Conference is huge this year - they say 10,000 people, and I believe it. Quite a change from the 60-odd attendees in 1991 (though most of us are still pretty odd!).

I'm a bit disappointed that nothing has really caught my attention and excited me. It's nice to hear Adi Shamir likes the Rijndael algorithm used by the new NIST Advanced Encryption Standard (AES) which will be the replacement for the ancient (and broken) DES. But he did comment that the 10-14 rounds (depending upon key size) proposed, while sufficient to stay any known attacks, were probably insufficient to provide a solution that could last twenty years...

Overall, though, my cynical "executive" summary of the conference (and the field) is that while encryption techniques are getting better and stronger, attack methods and general user and developer/implementation errors seem to be increasing at a greater rate.

2 Apr 2001

Mon, 2 Apr 2001 19:35:12 GMT

Still pre-publication, I invite comments and feedback on Reputation Capital and Exchange Mechanisms, particularly wrt the zero-knowledge proof requirements.

OpenPrivacy is an Open Source initiative. We're building a framework to allow secure reputation trade for pseudonymous entities. (See the home page for more.)

...wonder what it takes to get upgraded from Observer...

1 Apr 2001

Sun, 1 Apr 2001 07:01:16 GMT

Here's a snippet from a paper I'm writing on Reputation Capital and Exchange Mechanisms.

A reputation exchange is similar to a currency exchange, but trades in reputation capital instead of money. No one can force you to start using a new currency but if all your friends - and you - move to France, you'll want to start using francs. The Reputation Management Framework provides a plug-in architecture for Reputation Calculation Engines that make this sort of "reputation-exchange" feasible. The rules governing the "exchange rate" are set by the administrators of the respective systems - poor exchange rates will discourage newcomers while inflated exchange rates will disgruntle the existing community. A particularly compelling feature is that reputation exchanges - unlike their currency-backed counterparts - are not zero-sum, in that the process of converting a reputation does not destroy the old one - it merely enables some reputation carry-though systems.

29 Mar 2001

Thu, 29 Mar 2001 02:52:31 GMT

Pymmetry and Bram's "trust" code have gotten me (finally) to spending a little time with Python. It's fun and easy though I still have some of the steep part of the learning curve to go up. Emacs integration seems good, but I can't seem to find the key-binding to evaluate e.g. a test def in the file I'm working on. I'm sure there's a way...

Working with existing trust frameworks has got me thinking about how cool the OpenPrivacy reputation management framework is. It's designed so that trust metrics - such as Pymmetry or Slashdot's moderation - can be plugged in and evaluated *themselves* on their reputation. So a community that uses e.g. Pymmetry today can easily switch, if and when a better trust metric (or a newer version of Pymmetry ;-) comes along. All pre-existing identities, certification, and reputations would remain intact, perhaps translated (at owner discretion) to the new system.

Think of it like a currency exchange, but with reputations. No one can force you to start using a new currency but if all your friends move to France, you'll want to start using francs. The Reputation Management Framework provides a plug-in architecture for Reputation Calculation Engines that make this sort of "reputation-exchange" feasible. And since reputation-exchanges are not zero-sum, you actually get to keep your old reputation, too!

We're putting the finishing touches on the documentation, but the code is available now. We're also working on a example system called Reptile (Reputation-enhanced portal using Mozilla technology) - check it out!

26 Mar 2001

Mon, 26 Mar 2001 06:09:34 GMT

Fought with Debian today. I had moved up to "unstable" on my personal machine to get access to some new stuff. Guess I've been lucky - and source control is getting better - as I've had no problems. But I want to get it back to "testing" level, which is anything but straightforward.

25 Mar 2001

Sun, 25 Mar 2001 05:23:54 GMT

I've been thinking a lot about 'trust' and 'reputation' recently. (I presented a paper at the Boston Computers, Freedom and Privacy conference earlier this month entitled OpenPrivacy - Enhancing the Internet with Reputations.)

Trust is key to any anonymous network, indeed to any society. Pseudonyms that over time prove to be trustworthy develop reputations that smooth the process of finding the people/entities that are most worth dealing with - within any given domain.

Trust is not generally transitive, as I may trust an auto mechanic with my car but perhaps not to invest my money. Ultimately, we find that trust develops through prior experience and knowledge, is spread by word-of-mouth, is dynamic, and non-monotonic.

There's precious little useful research in the computer science literature on trust and reputations, perhaps because there's a need to understand some background in the social sciences as to what it is and how it works. But I'm excited that more effort is going in this direction. Here's a short Bibliography that I have compiled. Suggestions are welcome!