1995-09-11 - Re: question about reputation

Header Data

From: Wei Dai <weidai@eskimo.com>
To: Adam Shostack <adam@bwh.harvard.edu>
Message Hash: 45729b841a9d5d1b5b0ca39ca4e2b660a1aede6ff44179d8d857b02a0aa19408
Message ID: <Pine.SUN.3.91.950910164221.8377C-100000@eskimo.com>
Reply To: <199509102310.TAA00342@bwh.harvard.edu>
UTC Datetime: 1995-09-11 00:20:39 UTC
Raw Date: Sun, 10 Sep 95 17:20:39 PDT

Raw message

From: Wei Dai <weidai@eskimo.com>
Date: Sun, 10 Sep 95 17:20:39 PDT
To: Adam Shostack <adam@bwh.harvard.edu>
Subject: Re: question about reputation
In-Reply-To: <199509102310.TAA00342@bwh.harvard.edu>
Message-ID: <Pine.SUN.3.91.950910164221.8377C-100000@eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 10 Sep 1995, Adam Shostack wrote:

> 	Good question, but a quick modification allows for effective
> bootstrapping.  If I want to start consulting for Amalgameted
> Consolodated, I can offer them a 10 free questions deal to bootstrap
> things with.  Mallet can only cheat if my offer was broadcast.  (I 
> presume that Amalagated' keys are somehow strongly verified, and the
> negotiantions are kept secret from Eve and Mallet.)

This scheme doesn't quite work.  (Let's call Amalgameted Bob, to keep
names short.)  Bob can create a new, unlinkable pseudonym and give the same
offer to Carol under the new pseudonym.  Then, Bob acts as Mallet and
passes messages back and forth between Alice and Carol.  At the end of the
10 free questions, Bob terminates its contract with Alice, leaving Alice
with nothing and Bob's pseudonym a certain amount of reputation with
Carol. 

> 	There might also be fingerprinting technologies that allow me
> to embed a signature in the documents returned to clients that would
> allow me to show that Mallet stole them.  (Which might, incidentally,
> get Mallet a job in some circles...If thats known, Bob and Alice can
> collude to make it appear that Bob was Mallet, and thus forge a
> reputation.

Fingerprinting may be useful in some situations, but is clearly not a
perfect solution to this problem.  Alice may be able to prove to Mallet's
customers that she originally wrote the answers, but if their
communications with Mallet are private, how does Alice even know who those
customers are?  Also, I'm not too familiar with fingerprinting
technologies, but Mallet may be able to remove the identifying marks by
translating the answers to a different form while preserving the meaning.

Wei Dai





Thread