[mnet-devel] reconsidering fundamental Mnet architecture

R. A. Hettinga rah at shipwright.com
Sat Dec 14 15:01:42 EST 2002 

--- begin forwarded text


Status: RO
To: mnet-devel at lists.sourceforge.net
From: Zooko <zooko at zooko.com>
Subject: [mnet-devel] reconsidering fundamental Mnet architecture
Sender: mnet-devel-admin at lists.sourceforge.net
Reply-To: mnet-devel at lists.sourceforge.net
Date: Sat, 14 Dec 2002 14:16:02 -0500


http://zooko.com/log-2002-12.html#d2002-12-14_the_human_context_and_the_future_of_Mnet

2002-12-14
the human context and the future of Mnet dura-link v1.0.1

The state of the art in emergent network design goes something like this:
step 1, treat everyone you talk to over the Internet identically. Whether the
other person is your best friend or the one millionth anonymous stranger from
a university network half-way around the world, you offer your resources to
them and request services from them just the same. step 2, design a wonderful,
infinitely scalable, efficient, elegant emergent network on top of this
substrate. step 3, observe that if all of the players aren't perfectly
well-behaved and altruistic, your wonderful design doesn't work, and start
trying to figure out how to salvage your beautiful design from being destroyed
by the ugly fact of malicious and/or selfish agents.

Now, solutions proposed by people in step 3 include very clever game-theoretic
tricks and cryptography, the addition of ubiquitous micropayments (as
pioneered by Mojo Nation), the addition of sophisticated redundancy so that as
long as the malicious/selfish nodes are not a sufficiently large subset their
misbehavior is drowned out by the majority, the addition of reputations so
that only people who have already done given something of value are allowed to
take something of value, and more.

But it seems to me that the first thing we should do is go back and reconsider
step 1: the part where you forget everything you know about your friends and
family and treat messages received over the Internet from strangers half-way
around the world the same as messages received over the Internet from your
best friend. I think that the emergent network designer should focus on the
human context, both because the human context is where our ultimate goals and
values are defined, and also because the human context is the best source of a
uniquely valuable network resource: trust.

(Raph Levien and Mark Miller are both thinking along these lines, although
they're thinking of dramatically different designs.)

This is the core consideration of what Lucas Gonze calls "friendnet".
"Friendnet" is similar to what business people use under the name "VPN" --
Virtual Private Network. A VPN is an "overlay network", in that it runs on top
of the Internet, but it acts like a private local network, in that all of the
computers and all of the human users on a VPN belong to the same company, obey
the same rules, and are loyal and altruistic toward one another. (Ahem.)

Now obviously there are some things we would like to do differently with
friendnet. For starters, I strongly prefer the emergent and human topology of
"I have some friends, and they have some friends, and some but not all of
their friends are also my friends.", over the centralized and, well, inhuman
topology of "Every user on this network is an employee/member of X
organization, and they are not allowed to have any network connections to
other people who are not also employees/members of X organization.".

For seconders, we could investigate the intriguing possibility of automated
transitive operations. This could be automated transitive proxying, where I
request something of my friend, and since he can't give it to me, but his
friend can, his computer automatically requests it of his friend and then
gives it over to me. It could also be automated transitive introduction, where
my friend's computer automatically introduces his friend to me (so that I can
then make direct requests of my friend's friend).

Raph's research is all about doing this automated transitive stuff in a
systemically constrained way. That is to say doing it safely -- without
letting it run out of control such that our computers offer all of our
resources and all of our privacy to a friend of a friend of a friend of a
friend, who turns out to be an enemy. I think that his research is promising
and will probably lead to very important techniques someday.

But when doing pragmatic design on the Mnet network, I would rather try the
variant without any automated transitive operations. This is simpler to
design, and almost certainly safer.

My current big issue in the design and evolution of Mnet is that this notion
of friendnet (with or without systemically contrained transitive operations)
is at odds with a fundamental architectural feature that it inherited from
Mojo Nation, as originally designed by Jim McCoy and Doug Barnes. This
architecture has it that the storage and transfer of bulk data is a global,
automatically transitively managed resource, while the encryption keys
necessary to download and decrypt the data can be private and can be shared by
actual human friends via telephone or e-mail. I always liked that idea, and
when I initially launched the Mnet project and named it a "universal
filestore", my goal was to focus the project on implementing that simple
abstraction (universal public data store, private keys).

Nowadays I'm less keen on that abstraction, since the global part of it will
eventually require some "step 3" answer, and I'm doubting that layering step 3
on top of step 2 is the right approach, compared to the approach of revisiting
step 1 and building a unified and elegant emergent network from step 1 up.
There are also technical problems with the abstraction which I'll save for a
later day.

Now, a lot (all?) of my fellow Mnet Hackers are very keen on micropayments,
and even if I were to actively oppose the micropayment notion, they would go
ahead and implement it and give it another go. So that's one future of Mnet
(or a branch of Mnet): another try at Mojo Nation's architecture wherein step
3 (integrated automatic ubiquitous micropayments) is layered on top and
provides attack resistance and resource management for step 2 (universal data
store and transport). Another future of Mnet, which is almost certainly going
to happen in the near future, is just deploying a good implementation of step
2 without any step 3. This would be more or less on par with other emergent
networks in current theory and practice, and will form an excellent base for
more experiments. A third future of Mnet (or a branch thereof), is to break
the universal filestore abstraction and return to step 1, building a
friendnet-Mnet in which any two computers are allowed to have a relationship
if and only if their human users already have a similar human relationship.

Intriguingly, all three of these possible future Mnets can in principle
interoperate with one another...


-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
mnet-devel mailing list
mnet-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list