aMule Forum

English => Feature requests => Topic started by: soynor on August 27, 2009, 08:53:10 PM

Title: Hash and Filename signed
Post by: soynor on August 27, 2009, 08:53:10 PM

I'm thinking if it's possible implement a system through an user can sign with private/public keys the file hash and the file name to prevent the fakes.
The system could be as follows.

Each user has a private/public key generated by himself.
If the user decides will sign a string formed with the name and the filehash.
Then the user will publish  this string and his public key.
In the other side, other user after check the archive could add the public key to a black or white list if the file is a fake or no.
Also this second user could append this signed string or create a new one with its private key.
After a few days each user could have a white list of public keys of "good people" and could recognize easy if a user shares fakes or not.

This mechanism is similar to the comments system but with other information.

This is only an idea but i hope it could be implemented.
What do you think about this?

Title: Re: Hash and Filename signed
Post by: Stu Redman on August 29, 2009, 09:26:08 PM

You would have to sign each file individually after checking it of course for this to work.
The sources and their comments (signed or not) are gone when the file is completed and you can check it. You would have to store a list of all signed file names for a download to judge later who was good/bad. Complicated.
IIRC public/private key feature is already used in user hash verification and could be reused for something like that (didn't check though).
The "verified" flag could be transported through the comment tag without extending the protocol (which is not ours to change). So you could simply blacklist user hashes who verify something that turns out to be faked. Be careful what you verify though. What if someone accidentally verifies something which still is fake afterwards, like a movie that starts fine and then is filled with crap? You could end up with regarding other files shared and verified by him as fake although they are fine.

A good hard look at the list of shared file names has served well for me to unveil most fakes without such a feature.  :)