Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: Morpheus - the bitter thruth?

From: jason:cunliffe:verizon at: 6-Mar-2002 17:29

> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > # > > The easiest way to have *secure* P2P is to develop some [obscure] > > proprietary, non-published set of matching tools. End of story. > > Please, not that old oneagain. Security through obscurity never has and > never will work. The world is full of people far more intelligent than
people Well perhaps I should be clearer. I was not exactly advocating this. Just pointing out that perhaps the best security is quite off the radar of expected strategy. There is plenty in life beyond the world of packet sniffers. There are plenty of things unquie to us: body language, smell, body metrics like iris, fingerprints..P2P is about peer to peer but I prefer tothin of it as People to People. How many choices then? For example, let's be old fashioned about this for a moment: suppose I send you an innocuous email recommending a book review, or some photos of my holiday.. But it in fact we've already met for coffee, or telephoned one another, or I sent you a nice birthday card, so you know exactly what to do with that information when later I send P2P message like : (page)"345" or jalama beach Perhaps you use software, perhaps you use your eyes.. or memory.. The founding basis of public/private keys and encryption is that separted parts combine to form something else. PGP is cool and clever but it is still an advertisement. obfuscated modular software is another example. jigsaw puzzle mesages which are little programs not just data. Rebol is good for this. do %abc abc does %efg ... does %xyz context context context
> who write "secure" protocols - give them a disassembler, packet sniffer
and a
> few weeks and the secure protocol will be plastered over pirate and > cracker BSS, IRC and newsgroups. In Europe people would even be legally > *allowed* to do this so that they could write tools to interoperate with
> network. Then you're stuck in the cycle of trying to second-guess people, > update everything and hope it doesn't break and spending far more man
> trying to stay half a step ahead of everyone else than actually putting > effort into making the system good.
Yes agreed. But all that is very visible bright targets on the radar.
> Pointless, counter productive and self-defeating as closed protocols are
> open invitation to crackers: which carries more cracker karma, cracking a > closed protocol or exploting an old, documented, probably well patched > exploit in an open protocol?
I just feel that there so many more approaches which need to be tried yet. Voice, music, image, movement [gesture] which may prove to be far more effective and appropriate for person to person. P2P may prove to be largely about exploring such new directions.. ./Jason