1997-02-04 - Re: Dissolving Choke Points (fwd)

Header Data

From: ichudov@algebra.com
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 2f9602b4ff6dd8f533d755f5d7ff482dbd14853cf05f4cdfccc711d2ee93dcee
Message ID: <199702040326.TAA12077@toad.com>
Reply To: N/A
UTC Datetime: 1997-02-04 03:26:10 UTC
Raw Date: Mon, 3 Feb 1997 19:26:10 -0800 (PST)

Raw message

From: ichudov@algebra.com
Date: Mon, 3 Feb 1997 19:26:10 -0800 (PST)
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Dissolving Choke Points (fwd)
Message-ID: <199702040326.TAA12077@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: ####### ### <###@###.com>
> To: ichudov@algebra.com
> Subject: Re: Dissolving Choke Points
> 
> ichudov@algebra.com writes:
>  > i do have unix (linux) and stuff, but i can't take a lot of subscribers
>  > -- maybe 200-300 or so.
>  > 
>  > i actually wrote a proposal for a mailing list without a central control
>  > point, with several advantages being impossibility of control, absense
>  > of a single point of failure, and cryptographic verification of honesty 
>  > of moderators.
>  > 
>  > if there is any interest, i will post it here.
> 
>      Please do.
> 
> Regards,
> 
> ####### ###

Here, I propose a new scheme for the Cypherpunks mailing list that would

1) Ensure that no one person is able to take over the control over the list
2) Ensure that there will be no single point of failure, i.e., shutdown
   of any single computer will not kill the list
3) Ensure that even people with relatively small Net resources can help
   keep the list afloat.

The idea is as follows: even though Cypherpunks is one group, the group
will be based on multiple mailing lists with identical content. These
lists may be named, for example, cypherpunks@algebra.com,
cypherpunks@toad.com, and cypherpunks@netcom.com (obviously, these names
are used as an example only).

Any user is free to subscribe to any of these lists. All of these lists
will interact with each other in the following way: 

1) Each node would forward ALL incoming submissions to a) all other nodes
   and b) to all subscribers "attached" to the node
2) Each node will send information about all new subscriptions to 
   each other node.

The following procmail recipes for cypherpunks@ accounts may be used to 
ensure quick forwarding: 

# is it sent to cypherpunks (some spams will be trashed here)
# and is it not a mail loop?
:0
* ^TOcypherpunks
* !^X-Loop:
{
  #
  # This recipe removes duplicates!
  #
  :0 Wh: msgid.lock
  | formail -D 32768 msgid.cache

  # forward it to other cypherpunks lists
  :0 c
  !cypherpunks@netcom.com cypherpunks@toad.com

  # send it to all local subscribers
  :0 c
  !majordomo -some -arguments

  # store the checksum and message-id for honesty verification (see below)
  :0
  |accounting
}

# suSCRibe/unsuSCRibe recipes go here

This scheme ensures that the list is run in a cooperative fashion and
can be maintained by a number of individuals without any one of them
having an expensive internet connection or being "in charge". It also
ensures that even if one node fails, traffic can be re-routed to other
nodes. Just as well, it ensures that any attempts of cheating will be
noticed: it is easy to write a bot that would subscribe to all of these
lists and see if any messages get "lost".

Users can send their articles to only one node, or, if they feel
paranoid, to several nodes at once. All we need is to make sure that 
all Message-IDs of outgoing messages are unique at every node.

Honesty verification: 

I suppose that there may be some more elaborate, crypto-based schemes 
to control and monitor article distribution. For example, there can be
another list, cypherpunks-control, where each of the nodes posts a 
publicly available signed summary of checksums of articles that went
through, and individual users would be able (with the help of s simple
client program) to verify that

        1) They received these articles
        2) That summaries received from all nodes are identical
        3) That all articles were received by all nodes


They do not HAVE to do it, but they can if they want. If they do, there
will be no way for list maintainers to censor anything.

If a node goes down or if the users' verification scripts indicate a 
potential for cheating, they can resubscribe to some other node and
let everyone else know what's going on.

My proposal strikes me as fairly simple and potentially workable. Even
though 90% of the users will never get to usnig the verification
mechanism, it will ensure honesty.

Note also that this mechanism is a gross simplification of the way 
USENET works, so some may vouch for a usenet group instead. 

Your opinions will be appreciated.

        - Igor.






Thread