Paper: "Publius: A robust, tamper-evident, censorship-resistant web
publishing system"


Discussion points:
-----------------
* the paper opens a "can of worms" that could lead to a controversial
issue: privacy vs. censorship. The system aims at being censorship
resistant, is that good or bad? what if the "bad guys" use the system to
violate copyrights or national security etc. Also, what amount of
censorship is enough?

* a question was raised about whether the design goals were defined before
or after the system design. It appears that the system was initially
designed to meet some goals, and probably the system was later tailored to
match the rest.

* A quick glimpse at existing anonymity tools. Two were particularly
interesting: Onion routing and Eternity.

* The "publish" mechanism of Publius appears to be well-written. However,
the "retrieve" mechanism was somewhat unclear. The deletion in Publius
appears to be a "hack" that was added later. The use of CGI makes the
deletion process prone to CGI's security vulnerabilities.

* The "update" process stirred some discussions and raised the question
whether it's possible to make a non-updateable document updateable? If
not, then an attacker can do significant damage by converting an
updateable document to a non-updateable document.

* The need of installing a proxy at the client side. raised some concerns,
however, it appears that this is the only solution and it would make the
system functional even behind a corporate proxy.

* Another concerned raised was the long non-readable Publius URL that
makes it difficult to distribute. The solutions suggested include using a
free URL forwarding service, or simply copying and pasting!

* The section about denial of service attacks suggested a payment scheme.
This stirred a discussion about available (and potential) anonymous
payment methods.