[REBOL] Re: Morpheus - the bitter thruth?
From: jason:cunliffe:verizon at: 6-Mar-2002 17:29
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> #
> > The easiest way to have *secure* P2P is to develop some [obscure]
> > proprietary, non-published set of matching tools. End of story.
>
> Please, not that old one again. Security through obscurity never has and
> never will work. The world is full of people far more intelligent than
> people
Well perhaps I should be clearer. I was not exactly advocating this. Just
pointing out that perhaps the best security is quite off the radar of
expected strategy. There is plenty in life beyond the world of packet
sniffers.
There are plenty of things unique to us: body language, smell, body metrics
like iris, fingerprints.. P2P is about peer to peer but I prefer to think of it
as People to People. How many choices then?
For example, let's be old fashioned about this for a moment: suppose I send
you an innocuous email recommending a book review, or some photos of my
holiday.. But in fact we've already met for coffee, or telephoned one
another, or I sent you a nice birthday card, so you know exactly what to do
with that information when later I send a P2P message like : (page)"345" or
jalama beach
Perhaps you use software, perhaps you use your eyes.. or
memory.. The founding basis of public/private keys and encryption is that
separated parts combine to form something else. PGP is cool and clever but it
is still an advertisement.
obfuscated modular software is another example.
jigsaw puzzle messages which are little programs not just data.
Rebol is good for this.
do %abc
abc does %efg
... does %xyz
context context context
> who write "secure" protocols - give them a disassembler, packet sniffer and a
> few weeks and the secure protocol will be plastered over pirate and
> cracker BSS, IRC and newsgroups. In Europe people would even be legally
> *allowed* to do this so that they could write tools to interoperate with your
> network. Then you're stuck in the cycle of trying to second-guess people,
> update everything and hope it doesn't break and spending far more man hours
> trying to stay half a step ahead of everyone else than actually putting
> effort into making the system good.
Yes agreed. But all that is very visible bright targets on the radar.
> Pointless, counter productive and self-defeating as closed protocols are an
> open invitation to crackers: which carries more cracker karma, cracking a
> closed protocol or exploiting an old, documented, probably well patched
> exploit in an open protocol?
I just feel that there are so many more approaches which need to be tried yet.
Voice, music, image, movement [gesture] which may prove to be far more
effective and appropriate for person to person.
P2P may prove to be largely about exploring such new directions..
./Jason