
[REBOL] Re: Morpheus - the bitter truth?

From: jason:cunliffe:verizon at: 6-Mar-2002 17:29

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> #
> > The easiest way to have *secure* P2P is to develop some [obscure]
> > proprietary, non-published set of matching tools. End of story.
>
> Please, not that old one again. Security through obscurity never has and
> never will work. The world is full of people far more intelligent than
> people

Well perhaps I should be clearer. I was not exactly advocating this. Just pointing out that perhaps the best security is quite off the radar of expected strategy. There is plenty in life beyond the world of packet sniffers. There are plenty of things unique to us: body language, smell, body metrics like iris, fingerprints.. P2P is about peer to peer but I prefer to think of it as People to People. How many choices then?

For example, let's be old fashioned about this for a moment: suppose I send you an innocuous email recommending a book review, or some photos of my holiday.. But in fact we've already met for coffee, or telephoned one another, or I sent you a nice birthday card, so you know exactly what to do with that information when later I send P2P message like :

(page)"345"
or
jalama beach

Perhaps you use software, perhaps you use your eyes.. or memory..

The founding basis of public/private keys and encryption is that separated parts combine to form something else. PGP is cool and clever but it is still an advertisement. obfuscated modular software is another example. jigsaw puzzle messages which are little programs not just data. Rebol is good for this.

do %abc abc does %efg ... does %xyz context context context

> who write "secure" protocols - give them a disassembler, packet sniffer and a
> few weeks and the secure protocol will be plastered over pirate and
> cracker BBS, IRC and newsgroups. In Europe people would even be legally
> *allowed* to do this so that they could write tools to interoperate with your
> network. Then you're stuck in the cycle of trying to second-guess people,
> update everything and hope it doesn't break and spending far more man hours
> trying to stay half a step ahead of everyone else than actually putting
> effort into making the system good.

Yes agreed. But all that is very visible bright targets on the radar.

> Pointless, counter productive and self-defeating as closed protocols are an
> open invitation to crackers: which carries more cracker karma, cracking a
> closed protocol or exploiting an old, documented, probably well patched
> exploit in an open protocol?

I just feel that there are so many more approaches which need to be tried yet. Voice, music, image, movement [gesture] which may prove to be far more effective and appropriate for person to person. P2P may prove to be largely about exploring such new directions..

./Jason