> BUT, the MSK@SSK@... is *not* spoofable. KSK@blah is spoofable. FreeWeb
does not
> allow MSK@SSK@... - it looks up the KSK every time to avoid nasty long
(secure)
> URLs. Freenet is secure if you use MSK@SSK@
Again... <groan>... FreeWeb publishes and maintains totally secure sites in
the standard freenet:MSK@SSK@alphabetsoup/subkey// format!
Referencing them via insecure hyperlinks is only an option.
omigod :(
David
----- Original Message -----
From: "toad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 30, 2001 12:19
Subject: Re: [freenet-devl] Freeweb comments
> On Tue, May 29, 2001 at 08:04:38PM -0400, eigenman wrote:
> > > > Well duh.
> > > > freeweb is to freenet as WWW is to HTTP!
> > > > Its a naming process.
> > > >
> > >
> > > WWW is to HTTP? Huh?
> >
> > An abstract naming simplification. Which stops at a point where most
> > average people understand how to use it.
> > I could use HTTP directly but why?
> >
> > >
> > >
> > > > > People who want security will use MSK/SSK. People
> > > > > who don't need it will use Windows and FreeWeb or
> > > > > more likely a web server. If someone really needs
> > > > > encryption they will take the extra time to do it
> > > > > right.
> > > >
> > > > So how does the naming compromise security again?
> > > >
> > >
> > > This is a perfect example of why .free is bad. A
> > > little knowledge is a dangerous thing. FreeWeb relies
> > > on KSKs which are insecure!
> >
> > But Ian just told me that KSK@ is the simplest choice for easy naming on
the
> > freenet protocol.
> > He sugested this as an equivaliant to .free naming.
> > If this is insecure then freenet is already insecure.
> >
> > >
> > > > I fail to see the problem with making it easier for
> > > people to secure their
> > > > stuff.
> > > > Command line people will say its the easiest thing
> > > in the world. Just cd
> > > > to /usr/devNULL/42//bin and
> > > > execute 'boringcommand /ssd /a hhhDD44D3 [opp23.a4]
> > > etc.... '
> > > >
> > > > Oh yeah,
> > > >
> > > > Command line ism is the future to security. right?
> > > >
> > > > Wrong.
> > >
> > > Nobody is suggesting using command line interfaces.
> > > Where did you get that from?
> >
> > Command line ism ss the notion that command line like interfaces trump
> > others for various reasons.(some good some not)
> > At the moment freenet seems to be a command line protocol.
Understandable.
> > Its an infant.
> > But people will say this makes it more secure. This is not true. Some
> > one's ignorance of command line intracies of the interface is not a
> > platform for arguing security unless you plan to make some kind of
secret
> > society.
> > I assume that Freenet is not a secret society and that the information
we
> > are discussing, such as naming will be available for anyone to get.
Most
> > Freenet keys are available publicly. So naming these difficult to
verbalize
> > keys to something more intuitive
> > is good for the average joe free guy. My point about command line isms
is
> > that developers speak this language easily and hence don't infer a cost
> > here. But average intuitive joe free guy will infer a cost. joe free
guy
> > does not understand the language and must be spoon fed. I prefer an
> > intuitive ism here for joe free guy.
> BUT, the MSK@SSK@... is *not* spoofable. KSK@blah is spoofable. FreeWeb
does not
> allow MSK@SSK@... - it looks up the KSK every time to avoid nasty long
(secure)
> URLs. Freenet is secure if you use MSK@SSK@... - freenet hyperlinks are
secure
> (FreeWeb's aren't), freenet links sent via email with the full MSK URL are
> secure (ditto), and freenet sites which you fetch via a KSK should end up
as
> MSKs, when you bookmark them, and so once they are in your bookmarks, they
are
> secure (i.e., they will remain the same site by the same publisher).
> >
> > It is joe free guy who will benefit the most.
> By having a system unusable due to everyone spoofing everyone else's
sites?
> >
> > However. Ian has a point that it seems if we want joe free guy to use
this
> > system then there should be a serious conventions discussion before
> > proceeding.
> >
> > David McNab has simply wrote something that can tested. Now the debate
> > should begin.
> > A concensous should be formed on a naming standard a this point.
> > Names are important and should not be taken lightly.
> >
> > David is not re-writing freenet. He made his own app on his own time.
A
> > freeet app.
> > People don't have to use it. But if people like it they will.
> > Let the usage vote.
> >
> > reagrds,
> > Jay Ferguson
> >
> >
> > _______________________________________________
> > Devl mailing list
> > [EMAIL PROTECTED]
> > http://lists.freenetproject.org/mailman/listinfo/devl
>
> --
> Always hardwire the explosives
> -- Fiona Dexter quoting Monkey, J. Gregory Keyes, Dark Genesis
>
> _______________________________________________
> Devl mailing list
> [EMAIL PROTECTED]
> http://lists.freenetproject.org/mailman/listinfo/devl
>
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl
