On Tuesday 23 September 2003 06:16 pm, Toad wrote: > It would not help at all because the insertor would need all the keys, > and if it is compromized, it is the insertor that is compromized. > > The solution is "revocable SSKs". Basically, you have a list of SSKs to > check before allowing access to the site, and if any of them have been > inserted, you flag up a big warning message saying the site has probably > been compromized. Thus we could give a number of trusted people other > than the insertor their own keys to insert if the insert key is > compromized, and it would be checked before the user views the site. > Although freenet loses data, these keys would spread pretty quickly > given the frequency of them being requested. I would want to test that > assertion though. The user interface would look something like the > splitfile downloader, but of course it would be cached and prefetched > for the front page links if any of them are revocable.
This is really a non-issue. It is very easy to secure a single key. The only way anyone could takeover the Freenet Freenet page would for them to gain access to the file it was stored in on the computer that inserts it. But if they can do that they could just as easily takeover the normal Freenet websight. It is no LESS secure then things are now. One could even make it more secure, because the computer that has that key could be running a transient node that is otherwise completely Firewalled off from the rest of the world, and in a secure location. Or if you are really paranoid, don't automate updates of the site, and insist that whoever is in charge of uploading it each night type the key in manually. Also implementing something like this is not generally advantageous to the network. For example, nobody needs to worry about a third party taking over their site, simply because that party would have to identify and locate them in the first place, when the whole point of Freenet is that they cannot. _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
