Re: encouraging good use of p2p

> Our recent discussion of TAG future directions...
> included discussion of integrating P2P distribution protocols
> with the web; e.g. for the case where somebody puts a home movie
> on the web, it becomes wildly popular (because media
> flash-fires happen), and the load on the origin server is
> spread around bittorrent-style.
> Sandro pointed out in internal discussion that the recent
> decision in the grokster case...
> MGM Studios, Inc. v. Grokster, Ltd.
> motivates the P2P to find legitimate application or endorsement
> of their technology.
> There may be a real opportunity for W3C here. If there are
> three or more interested W3C members, I can help them get
> a little group started (as open as they like) to noodle on
> this some more.

On the architectural side of this issue, I have one idea for how to
deploy a merged http/P2P approach that's architecturally...
unpleasant... (ugly, evil, whatever...) but I can't see how it results
in any real harm, and I think it would work rather well.

The idea is to claim some part of the lexical space of a URI after the
hostname, much like the designs which provoked issue siteData-36.

To start with an immutable-content example (because it's simpler), if
I want to publish a video:

in a robust manner I should link to it as:
     or maybe

where the added hash part tells user agents, "if you can find content
with the given hash, feel free to use it instead."  Then smart
browsers and proxy/caches can try various P2P networks.  (This assumes
the hash is enough, which I think it is; more metadata, like
BitTorrent tracker addresses, would be okay, though.)

It's more tricky to handle mutable content.  I think you have to do
something like:

where the hash is of a public key used to control that page.  To find
the current content, you look on your P2P networks for documents
(+mime headers) signed by a key with that hash and labeled as being
content for "".  You look for the most recent one,
and check its expiration information; if it's stale, go ahead and use
HTTP and then make it available on the P2P network (if the CC license
permits doing so, of course).

It's not clear to me what a user agent should do if the HTTP content
doesn't match the content_hash or key_hash; probably it should alert
the user, "This page does not follow the security requirement given in
the link you used to reach it.  The page may have been compromised, or
the link may be incorrectly formed."

     -- sandro

Received on Thursday, 30 June 2005 05:05:46 UTC