2013/11/16 rysiek <[email protected]> > So I guess this is my question: does RetroShare's protocol seem solid and > sensible? Should we invest time and effort into it? >
It's basic concepts are pretty well considered. It's quite like Tor only the first nodes are "trusted nodes" and not just any random one. That said I think the whole RetroShare thingy is shot to hell regarding traffic analysis. That's hard for everyone except the Top Secret level people. Far as I know there's no deep-communication tactics except store-and-forward for forums. That's some weakness if you ask me. Finding a file based on a hash requires broadcasting the request for the hash, which will likely flood through (part of) the network. Tracing back a flood is pretty easy with a few nodes. Invest in it? Not a bad thing to invest in. But it's not that special on the crypto/security level AFAIK. I think the whole P2P thing is a bigger deal than the crypto part of it.
