Okay, so the short answer is: We have short invites and long invites.

Short invite:
- A hexadecimal string of say 26 digits.
- The first 10 are an IP address and port number, for a node. This is either the inviter, or one of its friends.
- If it's one of its friends, then we need to send the rest of the code to the friend when we create the invite.
- The rest of the string is a one-time secret which allows the invitee to connect and exchange full noderefs.
- If we are already on Freenet, we look up the full secret as a KSK. This will provide the inviter's full noderef, and a new KSK to upload our noderef to. This allows us to connect more securely (since it lets us authenticate the inviter) and more robustly (since we can get connected even if we can't connect to the IP address).

Short invites are sent by text message or IM, exchanged over the phone etc.

A long invite includes:
- Full noderef for the inviting node.
- Full noderef for all its friends.
- A one-time code serving the same purpose as the above, which is broadcast to ALL our friends when the invite is created.
- Signature on all of the above.
- Hence we can immediately connect, even if the person who invited us is offline.

A long invite is a largish file, so can be used by geeks who already have GPG set up etc, but mostly it will be included with invites on USB sticks which also include the software, or invites on an HTTPS website.

With either kind of invite, there is an optional out-of-band verification stage: If either party requests it, the connection will enter an "unverified" state, where it is connected but not in use, until it has been verified, by either checking fingerprints or a password-based authentication scheme (one party gives the other party a password over the phone and then the nodes do a protocol that proves that they both have it, thus authenticating both). This is for the really paranoid, to check that there hasn't been a man-in-the-middle attack.

All of our use cases reduce to these two options:
- Smartphone setup: Exchange a long invite (or full noderefs).
- Geeks: Exchange a long invite.
- Short code to be exchanged by insecure IM: Short invite. (With or without Freenet installed!)
- USB stick: Long invite with installers.
- Printed one-way invite: Short invite.
- HTTPS website: Long invite with installers.
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
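
One way the node named in a short invite could issue and check the one-time secret, as an added example that is not part of the original post or of Freenet's code. The 26/10-digit split follows the post's "say 26 digits"; the address part is kept opaque, and the expiry time and all function and class names are assumptions.

```python
import hmac
import secrets
import time

INVITE_LEN = 26   # "say 26 digits" in the post
ADDR_LEN = 10     # leading digits: IP address and port (not decoded here)
HEX = set("0123456789abcdef")


def split_short_invite(code):
    """Split a typed-in short invite into (address part, one-time secret)."""
    code = code.strip().lower()
    if len(code) != INVITE_LEN or not set(code) <= HEX:
        raise ValueError("malformed short invite")
    return code[:ADDR_LEN], code[ADDR_LEN:]


class InviteRegistry:
    """Pending secrets, held by the inviter or by the friend it named."""

    def __init__(self, lifetime=7 * 24 * 3600):   # expiry is an assumption
        self.lifetime = lifetime
        self._pending = {}                        # secret -> expiry time

    def create(self, addr_hex, now=None):
        now = time.time() if now is None else now
        secret = secrets.token_hex((INVITE_LEN - ADDR_LEN) // 2)
        self._pending[secret] = now + self.lifetime
        return addr_hex + secret

    def redeem(self, presented, now=None):
        """True only on the first presentation of an unexpired secret."""
        now = time.time() if now is None else now
        match = None
        for secret in self._pending:
            # Constant-time compare, no early exit on a match.
            if hmac.compare_digest(secret.encode(), presented.encode()):
                match = secret
        if match is None:
            return False
        expiry = self._pending.pop(match)         # burn it, expired or not
        return now <= expiry


if __name__ == "__main__":
    reg = InviteRegistry()
    invite = reg.create("c0a8010a1f")             # constructed address digits
    _, s = split_short_invite(invite)
    print(reg.redeem(s), reg.redeem(s))
```
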
