On 03/28/2014 09:40 AM, Matthew Toseland wrote: > (From FMS) > > On 28/03/14 08:18, wh@lr6fIgwYWLgplBDB9HzOSGhPuO5QH2X82LTZ5qMpuf4 wrote: >> toad-notrust@h2RzPS4fEzP0zU43GAfEgxqK2Y55~kEUNR01cWvYApI wrote : >> >>> [pay-for-opennet proposal] >> >> This surely adds a lot of bureaucracy, > > No, this is all automated, of course. And not necessarily much more > centralised than opennet is now. > >> so may I ask what would be the benefits of having this? > > Security. See below for details, sorry for not making this clear. > >> I don't think you can "push" people >> into darknet mode. It's likely they would use darknet if they just >> knew other people running Freenet. By charging them money, the few >> users Freenet has might me scared away for good. Because of this, >> I'd expect this to dramatically decrease the number of opennet peers, >> so the remaining ones would have to bear a much bigger load. > > Nobody who is already using opennet would have to pay. This is a > one-time fee for creating a new opennet core node. So it might mean that > some newbies don't become full opennet nodes; it shouldn't result in > losing a lot of existing nodes.
So this is about solidifying the network more? Would this prevent existing malicious nodes from moving around to do MAST? > And if you can't pay you can use transient mode. Which probably isn't > much less secure than opennet is now! >> >> I'd be glad to see improvements for Freenet being able to handle >> more load on a single peer first. > > IMHO the main reason for Freenet being so slow on fast nodes is that the > average node is still quite slow - so you are limited by your peers. > This proposal allows for us to impose performance requirements on core > opennet nodes. I think this is a place where we want to tread very carefully. These kinds of policy changes could alter the landscape of the network and community. >> >> But maybe I just missed what pay-for-opennet is all about to begin >> with, then someone please enlighten me. > > The main purpose is security (there are some side benefits, such as > money, and such as being able to keep out excessively slow nodes). Sorry > for not making this clear, it was late, it seemed an interesting idea... > > All powerful attacks on opennet rely on Sybil attacks. That is, creating > a large number of nodes. This is ridiculously cheap for any plausible > attacker, because IP addresses, CAPTCHAs, bandwidth, CPU and everything > else is cheaper for an attacker than for a newbie with a lowest common > denominator computer. This is *ALSO TRUE FOR TUNNELS*: Tunnel creation > has similar issues. Both are solved by darknet but not everyone can / > wants to use darknet. > > This proposal basically solves Sybil attacks, making almost all the > important attacks on Freenet much harder, and making secure tunnel setup > possible. Is the main part of this proposal that's working against Sybil the payment and resource requirements to be a core opennet node? I wouldn't expect an additional $5 per node to make things prohibitively expensive for a well-funded malicious entity. The motivation behind this idea makes sense - try to make opennet more secure. However, my reaction to this proposal is negative, and the reaction I've been hearing from the community is negative as well. Having to pay to join the (core opennet) network seems like a significant thought barrier, and I'd much prefer to be able to tell people about Freenet without having to mention that they need to pay $5 to get better / decent performance. It seems like a significant philosophical shift for the project. > Some very cheap attacks are based on changing your location, or > announcing to a chosen location, or lying about your peers' locations, > or progressively surrounding different parts of the network. These are > either solved or vastly more difficult. > > The next class of attacks involves connecting to every node and watching > what they request. This would be significantly more expensive, as you'd > have to pay to create the nodes. > > Denial of service attacks against announcement and other subtle things > that are relatively easy to do and keep us chasing our tail when we > should be doing productive things are also much harder. > > But above all, it allows us to construct tunnels with a reasonable > degree of security. Which is basically not possible unless you solve > Sybil - either via darknet or via some hard to forge scarce identity > (i.e. payment). This gives us *dramatically* better security, for > example connecting to every node to watch their traffic would be pointless. >> >> >> regards, -wh >> > On 28/03/14 08:12, The > Seeker@cI~w2hrvvyUa1E6PhJ9j5cCoG1xmxSooi7Nez4V2Gd4 wrote: >> It should be noted, for people that don't read the IRC logs, that any >> work related to such proposals would not come before disentanglement >> from db4o is complete, and already planned improvements to darknet >> are implemented. >> > Absolutely!
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
