Although intuitive, it seems like initializing (requests/inserts)
closestLocation field to our node's location could make correlation
attacks easier. In fact, if we get a request from a node whose
location matches the closestLocation value, we know that either (1)
they originated the request, or (2) we are the first in their peer
list they asked (the request is currently making bee-line progress;
which if an attacker has a known node location less-than and greater-
than connected, they could rule out?).
I thought it might help to initialize closestLocation values to a
random-but-farther-than-our-location value, but it seems that would be
even more obvious (as the default behaviour should have then made the
closestLocation to match our own). Would it help to initialize it to a
random location 'between' us and the closer of our peers?
Would it ever make sense to receive a request whose closestLocation-so-
far is further than the node we received it from? Perhaps we should
reject it or set it for them?
--
Robert Hailey
e.g. in freenet/node/NodeClientCore.java:
Object o = node.makeRequestSender(key.getNodeCHK(), node.maxHTL(),
uid, null, node.getLocation(), false, localOnly, cache, ignoreStore);
_______________________________________________
Devl mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
