[7700] in cryptography@c2.net mail archive
Re: "Tipster" voluntary payment protocol
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Wed Aug 23 13:58:40 2000
Mime-Version: 1.0
Message-Id: <v04210107b5c9ad5dbe9c@[24.218.56.92]>
In-Reply-To: <p0431013bb5c63ce10058@[192.168.0.2]>
Date: Wed, 23 Aug 2000 12:49:07 -0400
To: Jeff Kandt <jeff@scrollbar.com>, cryptography@c2.net, dcsb@ai.mit.edu
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

At 10:59 PM -0400 8/20/2000, Jeff Kandt wrote:
>...
>Tipster allows the artist to revoke any given key with a revocation
>certificate. By allowing the artist to encode multiple
>URL/signature pairs onto the file, they can set up multiple,
>redundant revenue streams, and you encourage competition among
>service providers. The ability to revoke individual server keys
>means that the artist can cut off any service provider for any
>reason without interrupting the revenue stream.
>
>Of course, revocation certs will have to be kept in a central
>location, but that can be arranged.

Certificate revocation is one of the thorniest issues in public key
cryptography. Maybe you can solve it in this narrow context, but I
would avoid it if there is another way and I believe there is.
>
>>Under your scheme, each user will need a payment client or an MP3
>>player that includes a payment feature. It would make more sense to
>>have just the artist's URL included with the content and create a
>>protocol to let the payment client download a list of servers from
>>the artist's site.
>
>If you're going to include a URL with the content, you need
>something which will parse the file and read that URL. And if
>you're writing new code anyway, why not put in some crypto to give
>the fan some feeling of security (that they're paying the right
>person). As a bonus we end up empowering the musicians to an
>unprecedented degree.

The phrase "why not put in some crypto to give the fan some feeling
of security" really gets my fur up. There is no reason not to design
a system that really works. I support your overall goal, but you
will severely damage your credibility and the credibility of
voluntary payment models in general by abusing crypto in this way.

>>...
>>The recording industry is not that stupid. They can see the threat
>>almost as clearly as you can. Napster woke them up and they have plenty
>>of lawyers. Expect any voluntary payment system to be sued.
>
>Please. On what grounds, counselor?

Get some lawyers on your team and ask them to look at what you are
doing from the recording industry's perspective. Also ask what a
defense will cost if you are sued.
>
>(While I enjoy arguing these philosophical and economic points,
>these lists (esp. cryptography@c2.org) probably aren't the best
>place for it. I invite you, and anyone else who's interested in
>these issues, to http://tipster.weblogs.com where we have a
>discussion group intended for just this sort of debate.)
>
Thanks for the invitation. I think I've said my piece on the
philosophy. If you want a critique of your cryptographic design (and
are prepared to listen) I prefer a forum where other cryptographers
are present.

Arnold Reinhold