> Risk is always going to be a factor; but if we have this one centralized
> inform-style seed node, the risk is clearly unacceptable. If there are
> tens of thousands of seed nodes available all over the 'net, the risks
> become acceptable because of the "safety in numbers" which Freenet is
> so fond of invoking :)
"Risk" is an overly vague term here. There are different types of risks.
Which are we prioritizing?
There is the risk of the list of seed nodes being replaced by an attacker
on its way to the user, such as with inform.php since it's not
behind an SSL connection. There is a risk of the list of seed nodes being
corrupted if it is publically updatable, such as inform.php is. There is
the risk of relying on a centralized point which can be attacked via DoS
or legal means, such as with inform.php. There is the risk of a
centralized point being easy to eavesdrop on to catalog the IPs of users,
also a problem with inform.php.
Which of these risks are we going to try to minimize? You can't minimize
them all and you can't choose a solution until you determine what risks
you're going to deal with.
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl
