Links

Ben Laurie blathering


Wave Trust Patterns

Ben Adida says nice things about Google Wave. But I have to differ with

… follows the same trust patterns as email …

Wave most definitely does not follow the same trust patterns as email, that is something we have explicitly tried to improve upon, In particular, the crypto we use in the federation protocol ensures that the origin of all content is known and that the relaying server did not cheat by omitting or re-ordering messages.

I should note, before anyone gets excited about privacy, that the protocol is a server-to-server protocol and so does not identify you any more than your email address does. You have to trust your server not to lie to you, though – and that is similar to email. I run my own mail server. Just saying.

I should also note that, as always, this is my personal blog, not Google’s.

4 Comments

  1. […] wrote briefly about Google Wave, and Ben Laurie points out that my statement on the Google Wave trust model is misleading. He’s right. I said that the […]

    Pingback by Benlog » More on Google Wave Trust Model — 31 May 2009 @ 17:52

  2. This is fascinating and exciting – thanks.

    Any chance of getting that paper in pdf or something more friendly than a bunch of png images?

    Comment by Neal McBurnett — 2 Jun 2009 @ 3:20

  3. The PDF is available at the bottom of the page, after the PNGs.

    Comment by Ben — 2 Jun 2009 @ 6:10

  4. The “trust” part of the wave is one of the parts that I’m concerned about ( more details are here: http://storm.alert.sk/blog/2009/06/02/Good-Vibrations ).

    I do not question “General Verifiable Federation”, that seems sound. But your are not considering “trust” infrastructure among servers. To have spam and similar negative email-like properties it is sufficient to have network open for new servers. Spammers can establish servers, send out millions of spam waves, tear them down few hours later when they are identified as spammers and repeat the process with different server identity. If server establishment is cheap that can be a successful strategy.

    As of now I haven’t seen any argument that would indicate that Wave or any of its components is improving that.

    Comment by Radovan Semancik — 4 Jun 2009 @ 9:44

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress