[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
address@hidden: Re: Support for XNS in DotGNU ?]
From: |
Norbert Bollow |
Subject: |
address@hidden: Re: Support for XNS in DotGNU ?] |
Date: |
Wed, 26 Sep 2001 07:10:30 +0200 |
FYI...
------- Start of forwarded message -------
X-From_: address@hidden Tue Sep 25 22:42:11 2001
X-Envelope-To: <address@hidden>
X-Real-To: <address@hidden>
X-Sender: ace (Unverified)
In-Reply-To: <address@hidden>
Date: Tue, 25 Sep 2001 14:51:01 -0400
To: "XNS Talk" <address@hidden>
From: "Adam C. Engst" <address@hidden>
Subject: Re: Support for XNS in DotGNU ?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: "XNS Talk" <address@hidden>
Sender: <address@hidden>
Precedence: Bulk
List-Software: LetterRip Pro 3.0.7 by Fog City Software, Inc.
List-Subscribe: <mailto:address@hidden>
List-Digest: <mailto:address@hidden>
List-Unsubscribe: <mailto:address@hidden>
List-Id: "XNS Talk" <xnstalk.xns.org>
List-Archive: <http://archive.xns.org/xnstalk/>
List-Post: <mailto:address@hidden>
List-Owner: <mailto:address@hidden> (XNSORG List Admin)
>Adam C. Engst <address@hidden> wrote:
>
>> we'll certainly try to answer whatever questions you have
>> about how XNS and DotGNU can work together.
>
>Thank you... actually before we get deep into the details of what
>could be done together, I'd very much like to know a little more
>about some potentially bothersome areas:
Totally reasonable, and I hope I can help.
>1. One of the problems with Microsoft's Passport.com is that it
> is a single point of failure. (If some hacker or terrorist
> destroys Passport.com then all web services that rely on it
> are out of order). Is the XNS Root Agency similarly a single
> point of failure?
No. Drummond can provide more details, I'm sure, but XNS is (or
rather, can be) a peer-to-peer system. However, as with many
peer-to-peer systems, scalability can be a problem, and so XNS has
the option of using a number of root services that mirror each other.
This has changed somewhat from the information you've seen on our Web
site - staffing resources have prevented us from keeping everything
as synchronized as we'd like.
Plus, of course, the root as it was initially conceived didn't store
personal information, it was just for agents to locate one another
(and that's still basically true with the new approach with multiple
independent root service providers). Personal information is stored
in agents that reside at XNS agencies, and the goal was to have many
of those. So any one agency could theoretically be compromised (in
the usual ways like social engineering, though security is built into
XNS itself), but that wouldn't affect other agencies.
So again, no, there's no single point of failure in the XNS system.
>2. What privacy-violating information (if any) could an
> attacker potentially gain from sniffing on network
> connections close the servers of the XNS Root Agency,
> or from gaining unauthorised access to these servers?
I'll have to let Drummond answer that one, now that root services are
a bit more complicated than before (there are actually a number of
different root services, and a root service provider doesn't have to
offer all of them). I believe that XNS currently uses SSL for all
communications, which should reduce the sniffing vulnerability, and
provisions are in place for other methods of protecting the data
stream as they become available.
>3. I read something on the website that seems to imply that you
> will freely license those patents in a way that will prevent
> them from becoming a problem for Free Software
> implementations of your stuff. Are you willing and able to
> make a legally-binding commitment to this effect?
I'd love to do that, since it's certainly our intent, but I'm
currently having some confusion about how the patents (which we can't
avoid) interact with free software. Our current thought is to
dual-license the XNS source under the GPL and a slight variant of the
Sun Industry Standard Source License (SISSL) that's currently under
evaluation by the OSI.
We have a patent license with OneName that allows us to sublicense
the patents, and what I'm having trouble figuring out is if anything
in that license would bother free software folks. One of the things
that's going on behind the scenes is some restructuring of our
initial agreements with OneName, so this is the time to let us know
if there are things we should or should not do in the patent license
to make it acceptable for free software.
Then there's the question of if we have to do something other than
just releasing under the GPL to grant the free patent license to all
who wish to use our code?
cheers... -Adam
_______________________________________________________________________
Adam C. Engst Learn more about how XNS provides privacy, identity
XNSORG Chairman management, and data exchange. <http://www.xns.org/>
For contact info, use my XNS contact card. <http://xns.org/=AdamEngst>
________________________________________________________________________
The XNS Talk Mailing List is an unmoderated forum
To unsubscribe, send any message to <mailto:address@hidden>
Archives at <http://archive.xns.org/xnstalk/>
------- End of forwarded message -------