Tom Kaitchuck wrote:

On Sunday 09 November 2003 02:36 pm, Martin Stone Davis wrote:

Tom Kaitchuck wrote:

So, can negative trust work?

Why even bother? Think about it like this. Suppose each node is limited to a certain number of connections or a certain amount of bandwidth or a certain number of queries by each node they connect to. There is ZERO incentive to try to modify freenet to make multiple identities to get around this. WHY? Because those nodes that you are connecting to, are still limited in those same resources, so to a limited extent your different identities are competing with each other. It would be better from a greedy client's perspective to simply connect to more nodes! It is VERY EASY to connect to more nodes, and as far as the network is concerned, that is legitimate. So what are we trying to thwart here? A REALLY crappy denial of service attack?

We're talking about (not) modifying freenet in such a way that a "REALLY crappy denial of service attack" would actually work. Yes, at the moment, we are safe because we're not about to implement my crappy "appointment" scheme which *relied* on negative trust. Negative trust doesn't work when identity is free.

And as it turns out, identity really *is* free (see the talk about DHCP), so any negative-trust-dependent system will fail.


What about this is so fscking hard to understand?

You tell me.

Node A wants to request 1000 keys.

Option A (or "the problem"):
Node A connects to 10 nodes with 10 identities which each request 10 keys.
Result: node A has retrieved all 1000 keys at the expense of others trying to use those 10 nodes.


Option B (or "Normal Behavior"):
Node A connects to 100 nodes with 1 identity and requests 10 keys from each of them.
Result: node A gets all 1000 keys. No single node is DOSed and the network is fine.


Why on earth would someone go out of their way to do A when B is both easier and faster? It's not even an issue of being selfish. It is obvious that the rest of the network does not care what you are doing, so A increases the load on those 10 nodes, so node A gets its data SLOWER than it would have if it just did option B.

So there is no incentive for anyone to do this. This is not an attack. If they wanted to DOS one node, they could much more easily do it out of band, and if they wanted to attack the whole network, they aren't succeeding. So, who cares?

You've completely missed the point... how does that relate to my Doctor/Patient appointment scheme? OF COURSE, creating all those nodes would neither be beneficial to the person doing it, nor harmful to the network AS WE KNOW IT TODAY.


The point of creating all those nodes would be to break a system that depends on negative trust, SUCH AS THE (crappy) ONE I WAS PROPOSING. The scheme to break the negative trust system would be like one customer being able to use those coupons that say "one per customer" by just re-entering the store again with a different disguise on.

Go back and read my "Doctor/Patient appointment" scheme to see how the negative trust system was supposed to work there. If you still think I'm wrong, you should show how a "greedy" patient could not take advantage of the doctor in my system of enforced appointments.

-Martin
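
The claim in the thread that negative trust fails when identity is free can be checked with a small model. This is an added example, not Freenet code and not the appointment scheme referred to above: the node classes, the per-identity quota and the credit-based node used for contrast are all assumptions made for illustration.

```python
# Added illustration. The node models, quota and credit rules are assumptions,
# not Freenet code and not the appointment scheme discussed in the thread.

class NegativeTrustNode:
    """Serves any identity until it exceeds its quota, then refuses it forever."""
    def __init__(self, quota):
        self.quota = quota      # keys allowed per identity ("one per customer")
        self.served = {}        # identity -> keys served so far
        self.banned = set()     # identities holding negative trust

    def request(self, identity):
        if identity in self.banned:
            return False
        used = self.served.get(identity, 0)
        if used >= self.quota:  # over quota: record negative trust
            self.banned.add(identity)
            return False
        self.served[identity] = used + 1
        return True


class PositiveTrustNode:
    """Serves an identity only against credit it earned; unknown ones have none."""
    def __init__(self):
        self.credit = {}

    def contribute(self, identity, amount):
        self.credit[identity] = self.credit.get(identity, 0) + amount

    def request(self, identity):
        if self.credit.get(identity, 0) <= 0:
            return False
        self.credit[identity] -= 1
        return True


def keys_obtained(node, wanted, fresh_identities):
    """Ask for `wanted` keys; if identities are free, swap to a new one on refusal."""
    got, ident = 0, 0
    for _ in range(wanted):
        if node.request(f"id-{ident}"):
            got += 1
        elif fresh_identities:
            ident += 1          # discard the penalised identity, start clean
            if node.request(f"id-{ident}"):
                got += 1
    return got


if __name__ == "__main__":
    print(keys_obtained(NegativeTrustNode(10), 100, False))  # identity is costly
    print(keys_obtained(NegativeTrustNode(10), 100, True))   # identity is free
```

With a fixed identity the quota holds; with free identities the ban list never binds, while the credit-based node gives a fresh identity nothing to spend.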

