Dnia sobota, 16 listopada 2013 23:19:58 Lodewijk andré de la porte pisze: > 2013/11/16 rysiek <[email protected]> > > > So I guess this is my question: does RetroShare's protocol seem solid and > > sensible? Should we invest time and effort into it? > > It's basic concepts are pretty well considered. It's quite like Tor only > the first nodes are "trusted nodes" and not just any random one. That said > I think the whole RetroShare thingy is shot to hell regarding traffic > analysis. That's hard for everyone except the Top Secret level people. > > Far as I know there's no deep-communication tactics except > store-and-forward for forums. That's some weakness if you ask me. Finding a > file based on a hash requires broadcasting the request for the hash, which > will likely flood through (part of) the network. Tracing back a flood is > pretty easy with a few nodes. > > Invest in it? Not a bad thing to invest in. But it's not that special on > the crypto/security level AFAIK. I think the whole P2P thing is a bigger > deal than the crypto part of it.
Or, more precisely, how it *combines* crypto and P2P. Plus usability: while it's not a staple of it, it is definitely easier to set-up and use than XMPP+OTR over TOR, while the effect is more or less the same -- you get an encrypted, trusted comms channel. Wonder however if RetroShare gives you plausible deniability? -- Pozdr rysiek
signature.asc
Description: This is a digitally signed message part.
