On 04/07/13 at 04:28pm, Michael Rogers wrote: > I think the point is that i2p's decision to use a decentralised > directory service led to the vulnerabilities described in the paper.
Uhm, I don't consider it a matter of centralization vs decentralization. I think the point is how I2P select peers to communicate with; attacker DoS'd previous high-performance peers, then replace them with nodes under its control, and then do measurements to estimate the victim identity. In the section 5 authors confirm that Tor shares with I2P a number of vulnerabilities (for example, repeated measurements could be made on hidden services). I consider myself a bit stupid, so I could be wrong. > You can't separate principles from their practical effects. I agree > with you that i2p's principles are great, but that shouldn't stop us > from discussing their practical effects (including the bad ones). > I don't like the idea that respect == not talking about problems. How > are problems with i2p and Tor supposed to get fixed if we don't > discuss them? > > As for personal choice - yes, it's a matter of personal choice whether > you prefer i2p's goals or Tor's goals. But whether those systems > achieve their goals is not a matter of personal choice - it's a matter > of objective fact that should be settled by examining the evidence. > I completely agree with you, I only disliked the "I2P is flawed, don't use it but instead use Tor which is safe" tone used, as we all know that no existing methods or systems are bug-free. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
