On Friday 15 August 2008 01:00, Florent Daignière wrote: > * Ian Clarke <[EMAIL PROTECTED]> [2008-08-14 18:42:57]: > > > On Thu, Aug 14, 2008 at 5:09 PM, Matthew Toseland > > <[EMAIL PROTECTED]> wrote: > > > On Thursday 14 August 2008 20:01, Ian Clarke wrote: > > > What do you think of my changes? > > > > > > "We strongly recommend that you only use Freenet in darknet mode [are we using > > > the term "darknet" consistently? we can't force darknet here, since that > > > would basically prevent them from using Freenet unless they know other > > > freenetters]." > > > > > > I disagree: If they set most-paranoid then opennet should not be available > > > until they change the threat level to somewhat-paranoid. > > > > What is the point in that? If they are intent on using Freenet, then > > forcing them to select an inappropriate option doesn't make them any > > more secure! The question isn't so much whether opennet is secure, > > the question is whether it is more secure than the next best option - > > which in many cases will probably be a HTTP proxy, which are trivial > > to monitor. > > > > > The UI should make > > > it easy to upgrade or downgrade the threat level, enable opennet etc, but > > > should make it clear what the ramifications are. > > > > Yes, but forcing them to pretend that they have a lower threat level > > than they do is pointless. The purpose of this mechanism must be to > > inform the user, not make some futile attempt to restrict their > > behavior. > > > > The user has to be aware that it's always a matter of trade-offs... > > We shouldn't speak about a "threat levels" but a "threat level per threat model". > > IMHO they are three major threat models: > - Treachery (how much I can trust my peers to be good guys) > * tunnels, ... FOAF and shared bloom-filters for fast remote lookup
Tunnels are relevant to network as well. > - Network (should hide from ISP, risk of MITM, ...) And above all, a remote attacker attempting to trace you from your inserts / FMS posts / etc. That is *the* threat we are primarily concerned with. > * JFK, ... Opennet, sensitivity to Sybil > - Local (should provide some resilience against a seizure) > * bucket encryption, double-datastore encryption, ... none of those > > We could use that to our advantage when advertising Freenet: make a chart > comparing freenet and the security it provides against its alternatives. > It's something the gnunet guys have been doing since ages > (http://gnunet.org/faq.php3?xlang=English#compare) > > NextGen$
pgpvol6nPkXca.pgp
Description: PGP signature
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
