Solution: "Embrace and extend" BitTorrent.
To begin, suppose RedHat started using standard BitTorrent to distribute their normal releases. (* I think they should, with one reservation.) Let's think about how such a system would work:

1. A user with BT installed on his machine opens http://www.redhat.com in his browser.
2. The user clicks on a link to a .torrent file, say "redhat9.torrent"
3. BitTorrent pops up and the user picks where to save his files
4. The user's BitTorrent client connects to the .torrent file's Tracker
5. The Tracker directs him to other users
6. He actually downloads his ISO's from the other users
That sounds entirely reasonable for the public releases. For the early releases, to paying users, I think you proposed too many changes. I think it would be entirely sufficient for Red Hat to use the standard BT clients. The server is the only thing that should require modifications.
When a user logs in to RHN, his IP could be recorded (popB4smtp anyone?). The tracker should only accept connections from users who've logged in recently. I don't think that clients necessarily have to authenticate each other, unless you think that there will be enough people predicting the address of RHN BT users and leeching their data to justify a branded RHN BT client.
It also makes early access to new releases more exclusive, which was the whole point of making RH9 available to us this week. Some subscribers will still choose to redistribute, and that's OK; everyone else gets access to the ISO's next week through the official channels anyhow. At least redistributing early under the new system requires some level of effort; this week it's been automatic with BitTorrent.
The same thing will happen if there's motivation to do it. I think that the BitTorrent setup was motivated by the utter impossibility of getting those ISOs from RHN. Next time it might just be motivated by people's desire to get stuff for free.
In any case, Red Hat running a BT system won't make a lick of difference to the people who want to distribute it through their own channels. This time, they got a hold of the ISOs and set up a tracker. If RH ran their own tracker, they'd still be able to do the same.
* My one reservation has to do with verifying the integrity of software downloaded with BitTorrent. md5sums should either come straight from the distributor (RedHat) over an SSL channel with server authentication
Like, display them on the web page that presents the link to the .torrent file?
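
The tracker-side gate suggested in the reply above (record the IP at RHN login, popB4smtp style, and have the tracker accept only recently logged-in addresses), sketched as an added example that is not part of the original thread or of any Red Hat or BitTorrent code. The class name, method names and the 30-minute window are assumptions.

```python
import ipaddress
import time


class RecentLoginGate:
    """Pop-before-SMTP style allowlist: an IP may announce to the tracker
    only if an authenticated login was seen from it within `window` seconds."""

    def __init__(self, window=1800, clock=time.monotonic):
        self.window = window      # assumed validity period, in seconds
        self.clock = clock        # injectable so expiry can be tested
        self._seen = {}           # normalized IP -> time of last login

    @staticmethod
    def _norm(ip):
        # Treat ::ffff:a.b.c.d and a.b.c.d as the same peer; raises
        # ValueError on anything that is not an IP address.
        addr = ipaddress.ip_address(ip)
        mapped = getattr(addr, "ipv4_mapped", None)
        return str(mapped or addr)

    def record_login(self, ip):
        """Called by the login handler after the user authenticates."""
        self._seen[self._norm(ip)] = self.clock()

    def allow_announce(self, ip):
        """Called by the tracker before it answers an announce."""
        try:
            key = self._norm(ip)
        except ValueError:
            return False
        stamp = self._seen.get(key)
        if stamp is None:
            return False          # never logged in from this address
        if self.clock() - stamp > self.window:
            del self._seen[key]   # expired: require a fresh login
            return False
        return True

    def purge(self):
        """Drop expired entries; returns how many were removed."""
        now = self.clock()
        stale = [k for k, t in self._seen.items() if now - t > self.window]
        for k in stale:
            del self._seen[k]
        return len(stale)
```

As in the reply, this gates only the tracker: it authorizes addresses rather than users, and peers still do not authenticate each other.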