The RSA Conference is huge this year - they say 10,000 people, and I believe it. Quite a change from the 60-odd attendees in 1991 (though most of us are still pretty odd!).

I'm a bit disappointed that nothing has really caught my attention and excited me. It's nice to hear Adi Shamir likes the Rijndael algorithm used by the new NIST Advanced Encryption Standard (AES) which will be the replacement for the ancient (and broken) DES. But he did comment that the 10-14 rounds (depending upon key size) proposed, while sufficient to stay any known attacks, were probably insufficient to provide a solution that could last twenty years...

Overall, though, my cynical "executive" summary of the conference (and the field) is that while encryption techniques are getting better and stronger, attack methods and general user and developer/implementation errors seem to be increasing at a greater rate.

Still pre-publication, I invite comments and feedback on Reputation Capital and Exchange Mechanisms, particularly wrt the zero-knowledge proof requirements.

OpenPrivacy is an Open Source initiative. We're building a framework to allow secure reputation trade for pseudonymous entities. (See the home page for more.)

...wonder what it takes to get upgraded from Observer...

Here's a snippet from a paper I'm writing on Reputation Capital and Exchange Mechanisms.

A reputation exchange is similar to a currency exchange, but trades in reputation capital instead of money. No one can force you to start using a new currency but if all your friends - and you - move to France, you'll want to start using francs. The Reputation Management Framework provides a plug-in architecture for Reputation Calculation Engines that make this sort of "reputation-exchange" feasible. The rules governing the "exchange rate" are set by the administrators of the respective systems - poor exchange rates will discourage newcomers while inflated exchange rates will disgruntle the existing community. A particularly compelling feature is that reputation exchanges - unlike their currency-backed counterparts - are not zero-sum, in that the process of converting a reputation does not destroy the old one - it merely enables some reputation carry-though systems.

Pymmetry and Bram's "trust" code have gotten me (finally) to spending a little time with Python. It's fun and easy though I still have some of the steep part of the learning curve to go up. Emacs integration seems good, but I can't seem to find the key-binding to evaluate e.g. a test def in the file I'm working on. I'm sure there's a way...

Working with existing trust frameworks has got me thinking about how cool the OpenPrivacy reputation management framework is. It's designed so that trust metrics - such as Pymmetry or Slashdot's moderation - can be plugged in and evaluated *themselves* on their reputation. So a community that uses e.g. Pymmetry today can easily switch, if and when a better trust metric (or a newer version of Pymmetry ;-) comes along. All pre-existing identities, certification, and reputations would remain intact, perhaps translated (at owner discretion) to the new system.

Think of it like a currency exchange, but with reputations. No one can force you to start using a new currency but if all your friends move to France, you'll want to start using francs. The Reputation Management Framework provides a plug-in architecture for Reputation Calculation Engines that make this sort of "reputation-exchange" feasible. And since reputation-exchanges are not zero-sum, you actually get to keep your old reputation, too!

We're putting the finishing touches on the documentation, but the code is available now. We're also working on a example system called Reptile (Reputation-enhanced portal using Mozilla technology) - check it out!

Fought with Debian today. I had moved up to "unstable" on my personal machine to get access to some new stuff. Guess I've been lucky - and source control is getting better - as I've had no problems. But I want to get it back to "testing" level, which is anything but straightforward.