Ian Clarke wrote:
> The simplest solution would be to keep using the current inform.php
> script, a node connects to it on startup, and gets a list of other node
> addresses. The problem here is that it would be trivial to fill up
> inform.php with references to nodes controlled by Mr Evil. Any user
> which connected to this script would unwittingly join a network of nodes
> controlled by Mr Evil who would then be able to do evil things (as Mr
> Evil is known to do).
Who needs Mr Evil when we have Mr. Bad? ;-). Why not leave the user the
choice and for example expand Setup.java to ask if the user should get
nodes via inform.php or propose a central (relatively trusted) node as
default instead.
So you could opt during the installation for either getting nodes from a
website (with the danger of having Mr Evil having flooded the list with
his nodes), using the proposed default node (which could be set by each
distributor himself differently) (with the danger of having a) the node
log all new nodes and b) creating a centralized network if everybody
uses the same starting point), or manually choosing a known address
(from a friend etc...).
> A more sophisticated solution would be to have one or more central
> "trusted" nodes, which can be used to send announcement messages to,
> which will be forwarded on into the rest of the network. One attack on
> this would be for Mr Evil to flood these nodes with announcement
> messages thus ensuring that all references in their datastore point to
> evil nodes, thus suffering from the same problem as described in the
> previous paragraph. To avoid this, the trusted node could just forward
> on announcement messages without making changes to its own datastore.
>
> The problem is that it might be possible to compromise even this
> arrangement (oskar made some vague suggestions although I am not yet
> convinced that it would be particularly easy, or couldn't be countered
> with one or two additional modifications). I am sure he will correct me
> if there is any inaccuracy, however Oskar's view was that each user
> should be responsible for securely finding out the address of another
> node in the network, without relying on any public list of trusted
> nodes.
>
> The problem here is obvious, the vast majority of Freenet users will not
> have the ability to do this (hell, I would have trouble finding such a
> node address without asking this mailing list, and if everyone needed to
> do that we would have 10,000 emails a day just requesting node
> addresses!). The most likely (and scariest) scenario is that someone
> (perhaps Mr Evil in disguise) would provide a widely known node which
> the vast majority of people would use out of convenience with
> disastrous consequences. Sure, we could sit in our ivory tower and
> tut-tut about idiot newbies, but that really doesn't help Freenet's
> users.
>
> So what is the solution? I propose that each distribution site for
> Freenet also provides one or more seed nodes (since the place where you
> downloaded Freenet already knows your IP address this doesn't really
> have a big impact on privacy). These seed nodes should have
> configuration options (such as just forwarding announcement messages
> with no datastore modification) which would make it much more difficult
> for a malicious node to hijack them. Paranoid users are encouraged to
> find a node address through secure out-of-band means.
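A toy model of the seed-node option discussed in this message, added here as an illustration and not part of the original mail or of Freenet's code: it compares a seed node that stores every announcer in its bounded reference table with one that only forwards announcements. The `SeedNode` class, the oldest-first eviction, the table size and the node names are all assumptions made for the example.

```python
from collections import OrderedDict

class SeedNode:
    """Hypothetical seed node holding a bounded table of node references."""

    def __init__(self, capacity, initial_refs, forward_only):
        self.capacity = capacity
        self.forward_only = forward_only
        self.datastore = OrderedDict((ref, None) for ref in initial_refs)
        self.forwarded = []  # (announcer, next_hop) pairs sent onward

    def handle_announcement(self, announcer):
        # Forward the announcement to a reference we already hold
        # (round-robin so the run is deterministic).
        refs = list(self.datastore)
        if refs:
            next_hop = refs[len(self.forwarded) % len(refs)]
            self.forwarded.append((announcer, next_hop))
        if self.forward_only:
            return  # hardened option: announcements never change the table
        # Naive option: remember the announcer, evict the oldest entry when full.
        self.datastore[announcer] = None
        self.datastore.move_to_end(announcer)
        while len(self.datastore) > self.capacity:
            self.datastore.popitem(last=False)

    def bootstrap_refs(self):
        """References a newly installed node would receive from this seed."""
        return list(self.datastore)

def evil_fraction(refs):
    return sum(r.startswith("evil-") for r in refs) / len(refs) if refs else 0.0

def simulate(forward_only, capacity=8, flood=100):
    # Constructed input: a table of honest references, then a flood of
    # announcements from one operator, then one honest newcomer.
    honest = [f"honest-{i}" for i in range(capacity)]
    seed = SeedNode(capacity, honest, forward_only)
    for i in range(flood):
        seed.handle_announcement(f"evil-{i}")
    seed.handle_announcement("honest-newcomer")
    return seed

if __name__ == "__main__":
    for mode in (False, True):
        seed = simulate(forward_only=mode)
        label = "forward-only" if mode else "store-and-forward"
        print(label, evil_fraction(seed.bootstrap_refs()), seed.forwarded[-1])
```

In the store-and-forward run the table ends up almost entirely under the flooder's control and the newcomer's own announcement is handed to one of the flooder's nodes; in the forward-only run the table is unchanged.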