Loading ...
Sorry, an error occurred while loading the content.

sovereign peer

Expand Messages
  • Logan, Patrick D
    ... I am not sure who is more concerned with this, as opposed to who is more concerned with the chicken and egg problem described earlier in the same message:
    Message 1 of 7 , Nov 13, 2001
    • 0 Attachment
      > eBusiness cannot work without a sovereign peer...

      I am not sure who is more concerned with this, as opposed to who is more
      concerned with the chicken and egg problem described earlier in the same
      message:

      Cost savings cannot be realized as long as business has to maintain manual
      and electronic processes.

      Business will not jump on electronic processes unless cost savings can be
      realized.

      Security also is a concern, but I have not seen that expressed as a need for
      a sovereign peer. If a clear cost savings can be demonstrated in a
      relatively secure environment, then that would be sufficient to get the ball
      rolling.
    • Todd Boyle
      ... The sovereign peer must be perceived as very highly secure. Of course your wallet with cash is not totally secure nor is anything else in life, but based
      Message 2 of 7 , Nov 13, 2001
      • 0 Attachment
        At 08:28 AM 11/13/01, Logan, Patrick D wrote:

        >Security also is a concern, but I have not seen that expressed as a need for
        >a sovereign peer. If a clear cost savings can be demonstrated in a
        >relatively secure environment, then that would be sufficient to get the ball
        >rolling.

        The sovereign peer must be perceived as very highly secure. Of course
        your wallet with cash is not totally secure nor is anything else in life,
        but based on consumer behavior to date, the sovereign peer for e-business
        will need to be 10 times or 100 times more secure than the cash or
        the credit-card-bundled-with-fraud-insurance, in your pocket.

        However -- this level of security will not be difficult because as a Peer,
        you are not trying to control it from a server, or provide authenticated
        logins to a server or to other peers etc.

        I presume that the sovereign peer must regard everything outside its
        own boundary as utterly hostile, and absolutely more intelligent than
        itself. The sovereign peer is like Forrest Gump. It just ignores all IP
        traffic and all 65,000 ports, all semantics in the message, etc. except
        those functions and semantics it is designed to perform. That's why
        this might be easier than securing a Windows computer within the
        constraint that it must also be manageable by central servers, by
        low skilled engineers, with rich GUI tools, in the corporate IT environment..

        TOdd
      • steve jenson
        ... My calculations show that it needs to be exactly 4872.3 times as secure as the cash in your pocket. I can give you the Mathematica notebook if you need. A
        Message 3 of 7 , Nov 13, 2001
        • 0 Attachment
          Quoting Todd Boyle (tboyle@...):

          > but based on consumer behavior to date, the sovereign peer for e-business
          > will need to be 10 times or 100 times more secure than the cash or
          > the credit-card-bundled-with-fraud-insurance, in your pocket.

          My calculations show that it needs to be exactly 4872.3 times as secure
          as the cash in your pocket. I can give you the Mathematica notebook if
          you need.





          A "soverign peer" means centralization. Can we please get back on topic?
          Instead of discussing this dead-end, maybe you can start thinking about
          hubs of trust and ad-hoc trust relationships made possible by something
          similar to smart contracts?


          regards,
          steve jenson

          --
          steve jenson <stevej@...> http://sieve.net/
          PGP fingerprint: 79D0 4836 11E4 A43A 0179 FC97 3AE2 008E 1E57 6138
        • Lindsey Smith
          ... A lot of people around here have been thinking about hubs of trust and ad hoc trust for quite some time. And I guess by smart contracts you mean
          Message 4 of 7 , Nov 13, 2001
          • 0 Attachment
            Steve Jenson said:
            > Instead of discussing this dead-end, maybe you can start thinking about
            > hubs of trust and ad-hoc trust relationships made possible by something
            > similar to smart contracts?

            A lot of people around here have been thinking about hubs of trust and ad
            hoc trust for quite some time. And I guess by smart contracts you mean
            machine-to-machine pairing of buyers and sellers (you sell what I want, you
            can confirm I have a $10k Visa card limit, etc).

            I, personally, might be interested in that for my own online shopping, but
            in the B2B world that's not flying because buyer/supplier relationships tend
            not to be one-off, ships-passing-in-the-night arrangements, but long-term
            and human, face-to-face relationship based.

            PS: I nominate myself for the "most-hyphens-in-one-post-of-the-month" award.

            Lindsey
          • Todd Boyle
            At 01:42 PM 11/13/01, Jenson said ... Why shouldn t a sovereign peer send and receive orders, invoices, delivery notices, remittance instructions and every
            Message 5 of 7 , Nov 13, 2001
            • 0 Attachment
              At 01:42 PM 11/13/01, Jenson said

              >A "soverign peer" means centralization. Can we please get back on topic?
              >Instead of discussing this dead-end, maybe you can start thinking about
              >hubs of trust and ad-hoc trust relationships made possible by something
              >similar to smart contracts?

              Why shouldn't a sovereign peer send and receive orders, invoices,
              delivery notices, remittance instructions and every other category of
              business message, directly to other peers?

              Why shouldnt a trust architecture be constructed in which the peers
              themselves remember facts about behavior of other peers, and maintain
              repositories of data available for queries if permitted by the person
              who is being investigated?

              Let me put that in plain english. I have dealings with supplier X, and
              have bought 25 shipments of widgets per year for 15 years and have
              bounced my checks 6 times but otherwise made my payments timely
              every month. Now I want to convince Bubbas MOtors to sell me a
              car. So I give him a key to request my credit metrics from supplier X
              to include only Yes NO and how many years dealings. Bubba says,
              get lost. Now I give him a level three key, so that supplier X will
              give him the whole history by dollar amount and all dates but not
              the details of what was boght or sold.

              Bubba gets the certified reply from Supplier X and approves my
              credit,

              Thats peer to peer.

              Todd
            • Josh
              But isn t there an underlying issue of bubba needing a method to trust supplier X, to prove they re for real? At a minimum, an agreed upon timestamp service
              Message 6 of 7 , Nov 13, 2001
              • 0 Attachment
                But isn't there an underlying issue of bubba needing a method to trust
                supplier X, to prove they're for real? At a minimum, an agreed upon
                timestamp service would be necessary so supplier X's history of your
                transactions (your credit) could be authenticated, but that would require a
                centralized timestamping system that is in use by all parties involved.

                I feel that the goal of creating a purely distributed design is not the
                right approach for me. Instead I've chosen the path of using whatever
                architecture works best, so long as it meets a list of political
                requirements. I got so hung up on trying to be 100% distributed that I
                didn't make any progress. Now I've got a design where the centralized
                component is very basic and psuedo anonymous; the central system doesn't
                know who you are. In my opinion, if people trust the architecture, and it
                works well, they will accept a P2P design that has SOME centralization to
                it, so long as it's justified.

                - josh

                -----Original Message-----
                From: Todd Boyle [mailto:tboyle@...]
                Sent: Tuesday, November 13, 2001 2:17 PM
                To: decentralization@yahoogroups.com
                Subject: Re: [decentralization] sovereign peer

                At 01:42 PM 11/13/01, Jenson said

                >A "soverign peer" means centralization. Can we please get back on topic?
                >Instead of discussing this dead-end, maybe you can start thinking about
                >hubs of trust and ad-hoc trust relationships made possible by something
                >similar to smart contracts?

                Why shouldn't a sovereign peer send and receive orders, invoices,
                delivery notices, remittance instructions and every other category of
                business message, directly to other peers?

                Why shouldnt a trust architecture be constructed in which the peers
                themselves remember facts about behavior of other peers, and maintain
                repositories of data available for queries if permitted by the person
                who is being investigated?

                Let me put that in plain english. I have dealings with supplier X, and
                have bought 25 shipments of widgets per year for 15 years and have
                bounced my checks 6 times but otherwise made my payments timely
                every month. Now I want to convince Bubbas MOtors to sell me a
                car. So I give him a key to request my credit metrics from supplier X
                to include only Yes NO and how many years dealings. Bubba says,
                get lost. Now I give him a level three key, so that supplier X will
                give him the whole history by dollar amount and all dates but not
                the details of what was boght or sold.

                Bubba gets the certified reply from Supplier X and approves my
                credit,

                Thats peer to peer.

                Todd



                To unsubscribe from this group, send an email to:
                decentralization-unsubscribe@egroups.com



                Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
              • Todd Boyle
                ... Yes! That is exactly the problem. ... That would be nice but I don t agree it s necessary. People have gotten along 000s of years without timestamps. I
                Message 7 of 7 , Nov 13, 2001
                • 0 Attachment
                  At 03:49 PM 11/13/01, you wrote:
                  >But isn't there an underlying issue of bubba needing a method to trust
                  >supplier X, to prove they're for real?

                  Yes! That is exactly the problem.

                  > At a minimum, an agreed upon
                  >timestamp service would be necessary so supplier X's history of your
                  >transactions (your credit) could be authenticated, but that would require a
                  >centralized timestamping system that is in use by all parties involved.

                  That would be nice but I don't agree it's necessary. People have
                  gotten along 000s of years without timestamps. I submit that we
                  shall all pay bills with digitally signed promises to pay, and then if
                  the other party turns out to have lied in the transaction e.g. doesn't
                  deliver the goods then we won't pay our bill when it is presented.

                  People who don't pay their bills a lot will end up having a bad rep.

                  Reputation disputes will need adjudication--by reputable peers
                  perhaps.

                  Reputation is not my area of specialty and perhaps that Jensen
                  chap knows more about this than I do. Since he said it boils down to
                  centralized servers again.

                  >I feel that the goal of creating a purely distributed design is not the
                  >right approach for me. Instead I've chosen the path of using whatever
                  >architecture works best, so long as it meets a list of political
                  >requirements. I got so hung up on trying to be 100% distributed that I
                  >didn't make any progress. Now I've got a design where the centralized
                  >component is very basic and psuedo anonymous; the central system doesn't
                  >know who you are. In my opinion, if people trust the architecture, and it
                  >works well, they will accept a P2P design that has SOME centralization to
                  >it, so long as it's justified.
                  >
                  >- josh

                  I think there is some possibility for centralization but my thinking is
                  based on the Owner holding the keys. I see a need for the server
                  to surrender the ability to know or control some of the data. Servers
                  need to give increasingly granular control over information to the
                  end user, by cryptographic means. In the webledger industry there
                  has been a lot of discussion, in at least 3 major vendors I'm aware
                  of, of encrypting the content of the ledgers providing keys only to
                  the owner. The server would need to know some things to be
                  of any use at all, in managing data-- but if you think about it long
                  enough you could envision servers who don't even know jack shit
                  until the owner provides various keys within sessions that are completely
                  temporary and within some standard blades in the webserver that
                  have signed code, segregated memory spaces etc. etc.

                  Trouble is, you can never trust any remote computer. You always
                  come back to being a peer.

                  I agree with you -- central servers are completely viable when they
                  can provide enough of a compelling value to the user! But some huge
                  percentage of citizens will just never trust the privacy or security of
                  them, and, they're right about THAT.

                  Todd
                Your message has been successfully submitted and would be delivered to recipients shortly.