On Fri, Nov 08, 2002 at 10:27:02AM -0800, [EMAIL PROTECTED] wrote:
>
> As promised, architectural notes:
>
> Gatekeeper:
>
> Provides a mechanism for freenet to fetch content from other protocols
> in a distributed, anonymous manner and insert it into freenet.
>
> Architectural Notes:
>
> The gatekeeper is a framework for allowing freenet to get data from
> other protocols and insert it when it can't find that data in freenet.
> It does this in a distributed anonymous manner.
>
> When a query runs out of hops to live, or when a DataPending request
> gets a Data Not Found message, freenet then asks the GateKeeper for the
> data. The GateKeeper checks if the request is in the insertion keyspace
> of any of its gateways, and if it is, asks that gateway to get the data.
> Once the data is returned from the gateway, it is inserted into freenet
> with a 1 day DBR.

See hobx's objection.

> In order for gateways to have enough information to fetch data from
> another protocol, an extension has been made to the freenet protocol. A
> "GatewayHint" has been added to requests which contains the original
> freenet URI of the request. Unfortunately, this hint makes freenet a bit
> more vulnerable to traffic analysis by a hostile node. A hostile node
> can see what was requested just by looking at the hint. Without the
> hint, the hostile node would have to do the extra work of actually
> looking up the data requested to see what it is. Because of this,
> whether or not the gateway hint is added to a request is configurable.
> If you don't want the hint added, set the addGatewayHint parameter to
> false. This also means that your requests will never proxy out to
> another protocol.
>
> Freenet documents are assumed to be static. This is not true of other
> protocols. For this reason, the GateKeeper inserts with a one day DBR.
> Functionally, this is equivalent to a 1 day cache of the other protocol.
> Because of the re-direct, this depends upon freenet's routing to be
> working well.
> The insert takes place several hops away from where the request
> originated and returns the re-direct. If routing is not working, the
> insert could put the actual data where it won't be found by the original
> requester when it follows the redirect. Thus, paradoxically, decreasing
> hops to live actually increases the reliability of the proxy gateway
> mechanism.

Hmmm. I'm inclined to think that we should insert the metadata properly
and have gatewayhint purely for fetching the CHK...

> Implementation notes:
>
> To proxy out to urls that have question marks in them, as many Wiki
> systems do, question marks and colons in urls are escaped. There is no
> support of the post.
>
> Gateway Developer Notes:
>
> So, you're feeling ambitious and would like to create a gateway for
> freenet to slurp data from your favourite protocol in a distributed
> anonymous way. In order to create a gateway out to another protocol such
> as news or gnutella, what you have to do is to create a class that
> implements freenet.node.gatekeeper.Gateway. Your class must understand
> your protocol well enough to provide a
> freenet.node.gatekeeper.TypedBucket that gets data from your protocol.
>
> If you are looking for an example,
> freenet.node.gatekeeper.url.UrlGateway is a gateway to the protocols
> that java natively supports with a URL.
>
> Once you have implemented your gateway, add your gateway class to the
> list of gateway classes in the gatekeeper.gateways option. The
> GateKeeper will use reflection to instantiate your class and add it to
> its internal array of gateways.
>
> User Documentation:
>
> Freenet can function as a distributed, anonymous, caching proxy/gateway
> out to other protocols. How your node participates as a gateway to other
> protocols is up to you. The following options control the behavior of
> all gateways. Note that there are additional options for individual
> gateways.
>
> addGatewayHint:
>
> Controls whether your node generates queries that may gateway out to
> other protocols.
>
> gatekeeper.gateways :
>
> A list of gateways that your node supports. Currently there is only a
> "url" gateway that proxies out to http and ftp. If you don't want your
> freenet node to ever proxy out to other protocols in response to
> requests, set this to an empty string.
>
> gatekeeper.insertHTL :
>
> The hops to live that the GateKeeper uses when it inserts data fetched
> from some gateway.
>
>
> Url gateway:
>
> An example gateway that allows freenet to function as a caching,
> distributed, anonymous gateway to protocols that java can natively
> address as a URL. This lets freenet proxy out to http, https, and ftp.
>
> User Documentation:
>
> The URL gateway allows freenet to function as a distributed, anonymous,
> caching proxy to the web, not entirely unlike peekabooty. By default,
> http is inserted at freenet:KSK@http/, https is inserted at KSK@https/,
> and ftp is inserted at freenet:KSK@ftp. Thus to get at
> http://www.foo.org/index.html, you would request
> KSK@http/www.foo.org/index.html.
>
> Because the UrlGateway inserts KSKs, it is easy to insert bogus
> material. You can't trust that what you fetch from freenet was pulled
> from the net rather than inserted manually by someone with a mischievous
> streak.
>
> Authoritative mirrors of particular portions of the web may be set up by
> groups of people by using SSK keys. Let's walk through an example of how
> to do this.
>
> Suppose a group of people are irritated because some prankster has
> inserted the complete works of William Shakespeare where the UrlGateway
> would normally put their favourite website, http://www.phreenet.org. The
> first thing these people have to do is to somehow distribute amongst
> themselves the private key for the SSK where they will be inserting the
> website.
>
> Once they have the private key, each person modifies their
> gatekeeper.urlGateway.insertionPoints and
> gatekeeper.urlGateway.proxyPoints options so their gateways will insert
> http://www.phreenet.org under the SSK, like this:
>
> gatekeeper.urlGateway.insertionPoints=SSK@SOMEPRIVATEKEY/phreenet/,KSK@http/,freenet:KSK@https/,freenet:KSK@ftp
>
> gatekeeper.urlGateway.proxyPoints=http://www.phreenet.org/,http://,https://,ftp://
>
> And that's all there is to it, with the following caveats:
>
> Since the private key sits in the freenet.conf file, this private key is
> vulnerable. If you are also inserting controversial material, use a
> different private key.
>
> This method of mirroring is not as anonymous as just inserting data into
> freenet.
>
> It takes a number of freenet nodes to mirror a site this way reliably.
> The number of nodes is related to the chance of a query getting to one
> of the nodes during a random walk. This is related to the size of
> freenet itself. For papers on finding replicated items with a random
> walk in a network, see:
> http://parapet.ee.princeton.edu/~sigm2002/papers/p258-lv.pdf
>
> Storing Data Permanently:
>
> Periodically, people complain about how freenet can't store data
> permanently. They would like their node to not forget particular things.
> Of course, there are two problems with a node that doesn't forget
> particular keys. First of all, it isn't very anonymous if your node is
> the "authoritative node" for a particular key. Secondly, the freenet
> network will forget the route to the key even if your node does not
> forget the key itself.
>
> If you don't believe this, here is your chance to experiment and learn
> the hard way. Use the UrlGateway and file: urls to proxy out to files on
> your hard-drive. You'll soon discover that while you can always get to
> them from your freenet node, the same will not be true of other nodes.

-- 
Matthew Toseland
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02.
http://freenetproject.org/
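
The insertionPoints/proxyPoints mapping from the quoted UrlGateway notes, as an added example that is not part of either message or of Freenet's code: it shows which fetched URLs end up under a key anyone can insert to (KSK) and which under the group's SSK. Positional pairing of the two lists, first-match-wins ordering and the trailing "/" on every key prefix are assumptions; escaping of "?" and ":" is left out because the message does not describe it.

```python
# Added example, not Freenet code. Assumptions: the two option lists pair up
# by position, the first matching prefix wins, and a key prefix ends in "/".

INSERTION_POINTS = ("SSK@SOMEPRIVATEKEY/phreenet/,KSK@http/,"
                    "freenet:KSK@https/,freenet:KSK@ftp")
PROXY_POINTS = "http://www.phreenet.org/,http://,https://,ftp://"


def normalise(key):
    """Drop the optional 'freenet:' prefix and make the prefix end in '/'."""
    key = key.strip()
    if key.startswith("freenet:"):
        key = key[len("freenet:"):]
    return key if key.endswith("/") else key + "/"


def load_pairs(insertion_points, proxy_points):
    """Pair each insertion key prefix with the URL prefix it mirrors."""
    keys = [normalise(k) for k in insertion_points.split(",") if k.strip()]
    urls = [u.strip() for u in proxy_points.split(",") if u.strip()]
    if len(keys) != len(urls):
        raise ValueError("insertionPoints and proxyPoints differ in length")
    return list(zip(keys, urls))


def insertion_key(url, pairs):
    """Return (key, forgeable) for a fetched URL, or None if nothing proxies it."""
    for key_prefix, url_prefix in pairs:
        if url.startswith(url_prefix):
            # A KSK is derived from its guessable name, so anyone can insert
            # under it; inserting under an SSK requires the private key.
            return key_prefix + url[len(url_prefix):], key_prefix.startswith("KSK@")
    return None


def shadowed(pairs):
    """URL prefixes that never match because an earlier, broader one wins."""
    return [url for i, (_, url) in enumerate(pairs)
            if any(url.startswith(earlier) for _, earlier in pairs[:i])]


if __name__ == "__main__":
    pairs = load_pairs(INSERTION_POINTS, PROXY_POINTS)
    for u in ("http://www.phreenet.org/index.html", "http://www.foo.org/index.html"):
        print(u, "->", insertion_key(u, pairs))
    print("shadowed:", shadowed(pairs))
```

Under the first-match assumption, listing the broad `http://` prefix ahead of the site-specific one sends the mirrored site back into the shared KSK space, which `shadowed()` reports.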
