- From: Steven Rowat <steven_rowat@sunshine.net>
- Date: Mon, 22 Aug 2011 12:56:22 -0700
- To: public-webpayments@w3.org
On 8/20/11 9:02 PM, Manu Sporny wrote: > Requiring a secure database where works are registered sounds like a > centralized solution, or at least a solution that requires some sort > of centralized control. Yes; and perhaps that will be necessary in the long term. However, your architecture of PaySwarm Authorities, in which there are competing authorities that the user chooses among, much like, say, a "Certified Organic" label from different certifying organizations, might work well, possibly better. To maintain the analogy: there's also a U.S. Federal single "organic" definition, but that lends itself to pressure and interference from large corporations, so sometimes the smaller more independent "Certified Organic" labels indicate superior products. >It would effectively be a ruling that if you > want to distribute content on the Web, you have to pre-register it at > a central authority. No, I believe your "distribute" is too broad: even if there is a central registration database, one will only need to do this if they want the kind of control -- for financial or copyright reasons -- that this automatic checking can give. People who don't want to use it can continue as they are today. It would be an opt-in system, with the owners/creators being the people who register their own works. At this point I also see no problem with allowing pseudonyms, so whistleblowers and political activists can still use it, as well as people who just wish to be anonymous relative to their published works; much like book publishers do successfully now, and have for centuries, with authors who wish to remain pseudonymous. >That seems to be a very risky proposition when > we're talking about things like net neutrality and ensuring a level > playing field. Somewhat risky; but I think the benefits will be huge in allowing the decentralization of the control of information. Individuals working outside the system bureaucracies will be able to earn from their work and reach their audiences globally. I think it will change the information-flow landscape radically and largely for the better. I agree there's a danger which should not be underestimated in having a central database, if that was attempted. But the world is carrying this danger with IP addresses right now, is it not? I own (or at least, yearly rent) a static IP address and my name is on it. That fact is being used and checked from a central place and is spread out throughout the Net in mirror IP servers. There is danger in this, but so far it's working. The architecture of a central digital works database is not identical to this, perhaps, but I think it's similar enough that we can project that we can handle it, as a world project. And it would really be a world project. In fact, it's probably a project for the United Nations. :-) . >Are you suggesting that we create a centralized > registry of intellectual works? I'm not sure, but I still think this needs to be seriously considered at this point, although who 'we' will be is certainly moot. If only one centralized database is maintained I don't envision it being a commercial enterprise, that's certain. Perhaps W3C; but unlikely that they would actually run it. Perhaps in theory the United Nations would be most appropriate, although again unlikely. It might have to be a freshly developed body for this one purpose, which uses the W3C as well as international law in developing its protocol, and then submits that protocol to some established international standards body in order to freeze the standard before implementation. > However, I have never seen any material that asserts that [CCN] is a > solution to piracy. Are you saying that one of CCNs end-goals is the > reduction of pirated content on the Web? It was clear to me that one of CCN's end-goals was improved *security* on the web, via the registering of every packet. In fact, what I took from the videos about CCN and the articles I read about it, was that security was the first and most important of the three main things CCN would address -- the other two being: scalability; and complexity of interoperability. I do not think it is a big jump from there to saying pirated content would be reduced. >> http://lists.w3.org/Archives/Public/www-tag/2009Sep/0055.html > > It was a very good list of use cases back in 2009, and it continues to > be a very good list of use cases today. Would you mind it if we merged > your use cases into the PaySwarm use cases document: > http://payswarm.com/specs/payswarm-use-cases >... [snip]... I'm fairly > certain that PaySwarm could support all of those use cases as long as > there was some extension work done on how the PaySwarm Authorities > handle certain business rules in the licenses associated with content > that is sold. This is very promising, and I have no problem with you providing PaySwarm code solutions for the use-cases and incorporating that in the PaySwarm document, with attribution of the original link. However, before you have worked out code examples for them I'd prefer if you merely linked to them, or quoted them in the standard text manner, rather than merging them into the document. > Do you have a link that talks to the CCN packet security? How is it > different than PKI? That is, why are CCN packets more secure than > something that has end-to-end encryption, like HTTPS or TLS or a > receiver-encrypted message using PKI? I'm out of my league here. I believe these questions need to be answered but I am not the person to attempt them. I believe we need somebody from inside the CCN or NDN (named data networking, which is another name the concept is going by now: see http://www.named-data.net/) effort at this point, to carry on this conversation with someone like yourself who understands (as I do not) the joint intricacies of the signing of the packets and the transfer of the packets. However, in attempting to understand the problem a bit more I have just gone and listened to the new (to me) 2010 video in which Van Jacobson explains the rationale for CCN/NDN at a very high level (largely without pesky details; giving the basic theory of why it needs to exist, and explaining with metaphors to physical distribution. The question period at the end does get into some interesting use-case details, however). This explanation has matured since 2009 and I recommend it. At 21 minutes Van gives a brief synopsis of why security is important. At the end of that he says that security is the most important difference between the current system and the CCN/NDN being developed. Therefore, I believe you need to know these things about CCN before knowing whether it is superior in some way to what you can manage with PaySwarm on top of current TCP/IP. Here's the 2010 "The Good, Bad and Ugly of Digital Distribution" video in case you wish to see it: http://www.parc.com/work/focus-area/content-centric-networking/ The version at PARC irritatingly does not honor my need to use the time slider to skip around in the video, so I've found another version that does: http://www.slideshare.net/PARCInc/the-good-bad-and-ugly-of-digital-distribution-a-contentcentric-networking-perspective-on-evolving-network-architecture-parc-forum-6843928 >CCN is great, but...[snip]... the chances of it happening in the next > 2-4 years are slim, I'm afraid. This is wise to predict, but really all one can say is...perhaps. Three days ago it looked like a permanent stalemate in Libya.... to some. Maybe to all. Today the rebels are in the center of Tripoli and three of Gaddafi's sons have been captured. > I don't think any combination of any technology will be able to > prevent piracy because people are very good at lying. ..[snip]... > Or, to put it another way - if someone wants to rip a movie, The > Pirate Bay is a much better alternative to PaySwarm. As a viewer - you > don't have to pay a dime. You don't have to, but you might want to. There's a very good analogy made in the 2010 CCN video linked above, in which VJ talks about going into a store to buy a specific Samsung 49-inch TV. He makes a very good case for the fact that the naming of the content itself -- like the naming of the package containing the actual Samsung 49-inch TV -- is necessary for a distribution system to work effectively. I'll go further and relate it to your statement about lying: yes, in fact, all of us learn to lie (as a tool for survival) around the age of 5 or so (give or take a few years) -- but then we learn when it is and isn't appropriate to use it, and a lot of that decision is internally mediated by our educated conscience. I think this relates to the present situation as follows: when the 'digital work' is unsecured and unsigned, and all we have is a copy made by unknown persons, who might be lying about what they made it for and whether they're 'ripping us off' (industry middlemen, whatever: faceless, nameless), then Pirate Bay is an equally good alternative. But, in contrast, if that 'digital work' was trusted just as well as the 49-inch Samsung is as having come direct from the factory without anybody else tampering with it (i.e, direct from the person who made it, guaranteed by them), then I think the majority of people would be happy to engage directly with the creator by paying for the work; that buying it would become a far more attractive option than it is at present. There would still be piracy but I think it would be greatly reduced. I don't know if PaySwarm can provide this sort of assurance without the architecture changes that CCN/NDN will allow. If, on the other hand, PaySwarm can do this on top of existing TCP/IP, then it should. :-) . Steven
Received on Monday, 22 August 2011 19:56:56 UTC