>Yay. What is to prevent Mallory from just requesting all the files at >once?
your point is valid, a hostile client can request all files it can get a hold on but a) the content provider doesn't need to upload all files it sees an upload request for. it may upload just a selected bunch of files or implement something like bandwith limiting on the upload so eventually all files go into the net without hoogint the system too much. b) if indication is not done via the File/UploadRequest key insertion, maybe a requesting-user authorization can be implemented by the client, which will reject upload requests from users markes as untrusted and priorize uploads from trusted users. c) maybe a "secret password" can be implemented. it would be used for a File/UploadRequest, so a requester will insert the additional key [EMAIL PROTECTED]/uploadrequest/secretpassword which is only known by the trusted requester and the content provider. the secret password could be rejected by distrusting the user at the provider and/or by inserting and checking for a reject key, e.g. at [EMAIL PROTECTED]/uploadrequest/secretpassword/rejected d) what's the problem? if the file is not requested, no store space is needed. if it is requested the file gets inserted but then it's the same result as if the file has been inserted at once without a requesting scheme e) a hostile frost can request all files shared via frost, too, i suppose.. f) "Yay" ? *gg* _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
