Summary:
This paper addresses the problem of false resources (spam, viruses, Trojan horses, etc.) on file-sharing peer-to-peer networks. The authors present a robust, self-regulating reputation system which uses distributed polling to help clients decide which resources to download. The algorithm considers both servent (SERVer/cliENT) and resource reputations, and can be performed over existing peer-to-peer networks with the addition of three new message pairs. In addition to presenting the XRep protocol in detail, the paper discusses how it attempts to resist common attacks against peer-to-peer and reputation-based systems such as Man in the Middle, Pseudospoofing, ID pr, and Shilling. Finally, the authors briefly consider the distribution of resources on Gnutella networks and how likely adoption of their system is with both sharing and free-riding users.

Greg's Pros:

• The authors take an existing, working, proven system and extend it in a practical way.
• The authors are attempting to solve a real issue in current P2P networks: the trade-off between full anonymity in the network vs. the desire to prevent abuse of the network and to ensure high-quality content in the network.
• The authors examine reasonable attacks against their design, in two well-defined categories (attacks against P2P systems in general, and attacks specifically against reputation-based systems). In particular, their description of the "Shilling" attack is especially important since it has been well established that entities who attempt to blatantly pollute P2P networks on a wide-scale basis exist. The authors make an attempt to provide countermeasures against such a shilling attack.
• In Section 6, the authors provide a somewhat limited analysis of P2P network performance and a discussion of its impact on the success of their protocol.

Other pros:

• The XRep protocol considers both the reputation of both servents and resources.
• A simple binary voting algorithm is proposed.
• The authors consider whether people who share resources and free-riders will use their system.

Cons:

• The voting system is too subjective. There is no clear metric for "good" vs. "bad".
• Is the system actually usable? How exactly is the user's opinion of a download acquired?
• The paper did not quantify the additional overhead of XRep on a P2P network. Will it scale?
• There is already a working informal reputation system on P2P networks based on how many copies of a resource are available.
• The RIAA has lots of resources at its disposal. Could it defeat XRep with a large shilling attack or simply lots of "bad" votes?
• Some anonymity must be lost to gain a high servent reputation.

Votes:

• Strong accept: 0
• Accept: 7
• Reject: 4
• Strong reject: 0