I wonder what 26 hex-digits would translate to in the prose-translator we had a while back?
A long sentence?

--
Robert Hailey

On 2013/05/23 (May), at 7:16 AM, Matthew Toseland wrote:

> Okay, so the short answer is:
>
> We have short invites and long invites.
>
> Short invite:
> - A hexadecimal string of say 26 digits.
> - The first 10 are an IP address and port number, for a node. This is either
> the inviter, or one of its friends.
> - If it's one of its friends, then we need to send the rest of the code to
> the friend when we create the invite.
> - The rest of the string is a one-time secret which allows the invitee to
> connect and exchange full noderefs.
> - If we are already on Freenet, we look up the full secret as a KSK. This
> will provide the inviter's full noderef, and a new KSK to upload our noderef
> to. This allows us to connect more securely (since it lets us authenticate
> the inviter) and more robustly (since we can get connected even if we can't
> connect to the IP address).
>
> Short invites are sent by text message or IM, exchanged over the phone etc.
>
> A long invite includes:
> - Full noderef for the inviting node.
> - Full noderef for all its friends.
> - A one-time code serving the same purpose as the above, which is broadcast
> to ALL our friends when the invite is created.
> - Signature on all of the above.
> - Hence we can immediately connect, even if the person who invited us is
> offline.
>
> A long invite is a largish file, so can be used by geeks who already have GPG
> set up etc, but mostly it will be included with invites on USB sticks which
> also include the software, or invites on an HTTPS website.
>
> With either kind of invite, there is an optional out-of-band verification
> stage: If either party requests it, the connection will enter an "unverified"
> state, where it is connected but not in use, until it has been verified, by
> either checking fingerprints or a password-based authentication scheme (one
> party gives the other party a password over the phone and then the nodes do a
> protocol that proves that they both have it, thus authenticating both). This
> is for the really paranoid, to check that there hasn't been a
> man-in-the-middle attack.
>
> All of our use cases reduce to these two options:
>
> Smartphone setup: Exchange a long invite (or full noderefs).
>
> Geeks: Exchange a long invite.
>
> Short code to be exchanged by insecure IM: Short invite. (With or without
> Freenet installed!)
>
> USB stick: Long invite with installers.
>
> Printed one-way invite: Short invite.
>
> HTTPS website: Long invite with installers.
> _______________________________________________
> Devl mailing list
> [email protected]
> https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
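
An added example, not part of the thread and not Freenet code: a sketch of how the node named in a short invite could issue the one-time secret and accept it exactly once, using the 26/10 digit split from the quoted message. The class and function names are hypothetical, the encoding of the 10 locator digits is not given in the thread and is treated as opaque, and the sample locator in the comments is constructed.

```python
import hmac
import secrets

INVITE_LEN = 26                         # total hex digits ("say 26" in the message)
LOCATOR_LEN = 10                        # leading digits: IP address and port
SECRET_LEN = INVITE_LEN - LOCATOR_LEN   # 16 hex digits = 64-bit one-time secret


def parse_short_invite(text):
    """Split a typed or dictated invite into (locator, secret)."""
    # Tolerate spaces, dashes and upper case introduced by IM or a phone call.
    code = "".join(text.split()).replace("-", "").lower()
    if len(code) != INVITE_LEN or any(c not in "0123456789abcdef" for c in code):
        raise ValueError("short invite must be %d hex digits" % INVITE_LEN)
    return code[:LOCATOR_LEN], code[LOCATOR_LEN:]


class InviteRegistry:
    """State kept by the node the locator points at (inviter or a friend)."""

    def __init__(self):
        self._pending = set()

    def create(self, locator):
        # Assumption: the caller supplies an already-encoded locator,
        # e.g. the constructed value "c0a8010f1f".
        if len(locator) != LOCATOR_LEN:
            raise ValueError("locator must be %d hex digits" % LOCATOR_LEN)
        secret = secrets.token_hex(SECRET_LEN // 2)  # drawn from the OS CSPRNG
        self._pending.add(secret)
        return locator + secret

    def redeem(self, presented):
        """Accept a secret once; replays and unknown secrets are rejected."""
        match = None
        for candidate in self._pending:
            # Constant-time comparison so timing does not leak matching prefixes.
            if hmac.compare_digest(candidate, presented):
                match = candidate
        if match is None:
            return False
        self._pending.discard(match)  # one-time: burn the secret on first use
        return True
```
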
