Hail Storm Alternative

On this page, we hope to devise an acceptable HailStormAlternative. We wouldn't want MicroSoft to be our only choice, right?

How about something like AmericanExpress and others are trying to do with microchips on credit cards? You carry the card around with you and instead of your information living on a server microsoft owns, it lives on your personal card. -- AndyPierce

The administration cost of this suggestion doesn't put it in competition with HailStorm.

That's not quite what I was thinking of, but okay. The only thing that would need to live on the card is your ID. The rest of your personal info should be stored on servers distributed and dispersed:

- distributed:

you don't know on which machine your data is stored. Making it near impossible to be certain you've fixed errors or updated everything Yup. You just send out a change request and wait for it to happen (or not). I expect less than 100% reliability here, but then, you could send your change request again, it's like sending email Bleah. So if I move home and order stuff, I have to check each time to see if it's got the correct address? No, once a change is processed, your data is changed. The good thing is, that instead of having to change it with 20 different organizations and/or friends, you only change it once. The people that can see your address will look it up when they need it, and notice the change. What I ment was that you cannot be sure that the change is effective immediately. -- pv

So, what ensures that some set of data I want to update is updated atomically on all the distributed, dispersed servers that hold my data? E.g. if phone number and address can be on different servers, I don't want one updated and not another. Are you proposing this system does distributed transactions? And how, if I don't know which servers my data is on?

I don't mean transactions in the ACID sense, since disctributed transactions are believed to be impractical by some Wiki people. But maybe a P2P like system could do it. Send out a message with "update Address, [new value]" and some authentication, and the server holding the datum would finally receive it sometime (or not, see change processing above). I'm thinking along the line of P2P + webservices at the moment, but that might change. (Article: http://www.openp2p.com/pub/a/p2p/2001/07/20/convergence.html) -- pv

- dispersed:

data concerning a specific person is dispersed over several machines, making a single machine worthless as a cracking target. but since I need to be able to get at the data, there must be some way of getting at it all, so there's an avenue for attack that way.

Indeed. Unsolved issue. Help.

And in practice, each machine with some data on one person will have some data for many people, meaning it's worth attacking again

-- PieterVerbaarschott, with appreciated contributions in italics.

Except most of us consider it a Bad Thing (tm) for companies to hold lots of data above us. Incidentally, DotGnu is supposed to be an alternative to HailStorm. --MattBehrens

What if it used OpenSource and anyone could set up his own server, for himself or as a service to others (think webservers, but with peer discovery).

There is no secure alternative, and HailStorm isn't secure. Abandon this whole idea if you want security.

The goal is to falsify exactly this idea. There might be an acceptable alternative. I agree that total security is a high aim that few systems actually reach, but somewhere nearly there might just cut it for most people. The purpose of this page is to come up with some ideas.

Fair enough I'll justify my position. Hailstorm is based on current (and even legacy) browsers and protocols which were not designed for security. If you want security then the security community should design it as an open protocol and it will take (minimum) 5 years. Why? Most secure protocols designed by one company (including Microsoft) have been cracked. See Adobe and other incidents which are in the public eye at the moment. 5 years is a minimum - see SSL, IPSec. Also don't forget the human element - you can design the system to be secure, but humans need access (admins etc), and humans are untrustworty. By centralizing information you make the value of that information much greater. It will therefore be a greater target. So like I say - just don't do it. Keep everything distributed - the connected world is not what you want.

CategoryMicrosoft