Some time before 0.7, i.e. within the 0.5 series, we will need to make an
Official Freenet Freesite. There are major problems with keeping the
private keys safe, so we need a revocation mechanism. What I would like
would be when you click on the link, it goes to a page that looks a bit
like the splitfile fetch page, which checks that the various revocation
keys haven't been inserted and then redirects to the actual revocable
SSK page. The metadata would be something like this:

Revocable.DefaultCheckTime=3600
(don't recheck if checked in last hour)
Revocable.Kill.1.Redirect=SSK@<pubkey>/<filename>
Revocable.Kill.1.CheckTime=86400
(don't recheck that particular file if checked in last day)
Revocable.Kill.2.Redirect=SSK@<pubkey>/<filename>
....
Revocable.Group1.MinKill=3
Revocable.Group1.1.Kill.Redirect=SSK@<pubkey>/<filename>
Revocable.Group1.2.NoKill.DateRedirect=SSK@<pubkey>/<filename>
Revocable.Group1.2.CheckTime=86400
(don't recheck that file if checked in last day)
Revocable.Group1.3.Kill.Redirect=SSK@<pubkey>/<filename>


etc, etc.

Thus we can have files that cause instant revocation if inserted, we can
have DBRs that cause revocation if they are not inserted, we can have
groups within which a certain number of Kill votes will cause
revocation. So for example, the major freenet developers could be given
private keys to revoke the official freesite key, without necessarily 
having the insert key, and some of the minor freenet developers could 
have their own revocation keys but a revocation would only be effective
if a certain majority voted to revoke. This should largely eliminate the
security issues that prevent us having an official freesite. Freenet
does not guarantee that the revocation keys will actually be findable
after they are inserted, but if everyone is fetching them every time
they go to the freesite, they should propagate fast. The downside, of
course, is that checking for revocation will take some time; it may make
sense to have only the download area secured in this way.

-- 
Matthew Toseland
[EMAIL PROTECTED]/[EMAIL PROTECTED]
Full time freenet hacker.
http://freenetproject.org/
Freenet Distribution Node (temporary) at http://0.0.0.0:8889/Sc60KWoUsCU/
ICTHUS.
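
The revocation check proposed in the message above, as an added example; it is not part of the original post and is not Freenet code. Key names follow the post's sketch, using the Revocable spelling throughout. Assumptions: fetch(uri) is a hypothetical callback that returns True when the key was retrieved, a Kill entry votes to revoke when its key is found, a NoKill entry votes when its key is missing, and the SSK names in SAMPLE are constructed placeholders.

```python
# Constructed sample in the format sketched in the post; key names are placeholders.
SAMPLE = """\
Revocable.DefaultCheckTime=3600
Revocable.Kill.1.Redirect=SSK@master/revoke
Revocable.Kill.1.CheckTime=86400
Revocable.Group1.MinKill=2
Revocable.Group1.1.Kill.Redirect=SSK@devA/revoke
Revocable.Group1.2.NoKill.DateRedirect=SSK@devB/alive
Revocable.Group1.3.Kill.Redirect=SSK@devC/revoke
"""

def parse(text):
    """Return (default_ttl, {group: {"min": votes_needed, "entries": {id: entry}}})."""
    default, groups = 3600, {}
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        parts = key.split(".")[1:]              # drop the "Revocable" prefix
        if not sep or not parts:
            continue                            # skip blanks and commentary lines
        if parts == ["DefaultCheckTime"]:
            default = int(val)
            continue
        if parts[0] == "Kill":                  # top level: any single vote revokes
            parts = ["", parts[1], "Kill", parts[2]]
        grp = groups.setdefault(parts[0], {"min": 1, "entries": {}})
        if parts[1] == "MinKill":
            grp["min"] = int(val)
            continue
        ent = grp["entries"].setdefault(parts[1], {})
        if parts[-1] == "CheckTime":
            ent["ttl"] = int(val)
        else:                                   # Kill.Redirect or NoKill.DateRedirect
            ent["uri"], ent["kill_if_found"] = val, parts[2] == "Kill"
    return default, groups

def is_revoked(text, fetch, cache, now):
    """cache maps uri -> (time, found) and implements the CheckTime rule; now is in seconds."""
    default, groups = parse(text)
    for grp in groups.values():
        votes = 0
        for ent in grp["entries"].values():
            ts, found = cache.get(ent["uri"], (None, None))
            if ts is None or now - ts >= ent.get("ttl", default):
                found = fetch(ent["uri"])       # hypothetical fetch callback
                cache[ent["uri"]] = (now, found)
            votes += found == ent["kill_if_found"]
        if votes >= grp["min"]:
            return True
    return False
```

With CheckTime=86400, a kill key inserted just after a check goes unnoticed for up to a day, and a failed fetch is indistinguishable here from a key that was never inserted.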
