Send Freenet-dev mailing list submissions to
freenet-dev at lists.sourceforge.net
To subscribe or unsubscribe via the web, visit
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
or, via email, send a message with subject or body 'help' to
freenet-dev-request at lists.sourceforge.net
You can reach the person managing the list at
freenet-dev-admin at lists.sourceforge.net
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Freenet-dev digest..."
Today's Topics:
1. Re: KHK Metadata Proposal (Alex Barnell)
2. Re: Re: KHK Metadata Proposal (Alex Barnell)
3. Re: Re: KHK Metadata Proposal (Scott G. Miller)
4. Re: Re: KHK Metadata Proposal (Lee Daniel Crocker)
5. Masada interview? (Scott G. Miller)
6. Re: Masada interview? (Brandon)
--__--__--
Message: 1
Date: Thu, 22 Jun 2000 17:37:04 +0100
From: Alex Barnell <ae...@doc.ic.ac.uk>
To: freenet-dev at lists.sourceforge.net
Subject: Re: [Freenet-dev] KHK Metadata Proposal
Reply-To: freenet-dev at lists.sourceforge.net
"Scott G. Miller" wrote:
>
> >
> > A more advanced technique would be for a message to be sent back to the
> > nodes to the effect "hey guys, this metadata is bogus: delete it please".
> > Any nodes detected as trying to elliminate valid data can be added to
> > the ignore list of nodes, to prevent further communicaition with them.
> No, this opens up attacks that try to actively remove data.
>
No it wont. Data will only be removed if it was incorrectly signed (nodes always
check before deleting). Any nodes who forward malicious "deleteme" messages will
be refused connections thereafter. Where is the DoS attack?
> > 2. I envisage a web-of-trust Metadata search, where the client software
> > will sort search results based upon not only how well the Metadata matches
> > the request in fuzzy-string/substring/whatever terms, but also how much
> > trust the user has in the authors of the Metadata.
> Thats a client issue, but its certainly possible. I think this is the
> place for fuzzy logic (Ian).
>
I've written it up in a bit more detail at
http://www.doc.ic.ac.uk/~aeb99/freenet/fntrust.txt
--__--__--
Message: 2
Date: Thu, 22 Jun 2000 17:40:36 +0100
From: Alex Barnell <ae...@doc.ic.ac.uk>
To: freenet-dev at lists.sourceforge.net
Subject: Re: [Freenet-dev] Re: KHK Metadata Proposal
Reply-To: freenet-dev at lists.sourceforge.net
"Scott G. Miller" wrote:
>
> >
> > Why even bother with unsigned metadata? It doesn't appear to have any
> > great use (if signed metadata were available), and it would be a simpler
> > protocol and easier to code if there was only one kind instead of two.
> Because if you have to sign it, you lose anonymity. Freenet should cater
> to both parties.
I only lose my anonymity if someone breaks into my computer and steals the
private key I generated, proving I signed the data, in which case I'm screwed
anyway.
--__--__--
Message: 3
Date: Thu, 22 Jun 2000 12:26:11 -0500
To: freenet-dev at lists.sourceforge.net
Subject: Re: [Freenet-dev] Re: KHK Metadata Proposal
protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0"
From: "Scott G. Miller" <scgmi...@indiana.edu>
Reply-To: freenet-dev at lists.sourceforge.net
--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> I only lose my anonymity if someone breaks into my computer and steals the
> private key I generated, proving I signed the data, in which case I'm scr=
ewed
> anyway.
No, you lose anonymity period. Just because someone doesn't know who
signed something, doesnt mean they can't consider a group of documents
signed by the same key from the same person. Anonymity isn't just
disconnection from your identity, its the lack of any knowledge about=20
*anything* that person does.=20
This is especially bad, because you may think you're being anonymous
because no one knows the key, but when you're hauled into court, the
evidence that you signed all those documents is still quite real. =20
The only way I'm going to like this is if signatures are optional.
--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5UkwzpXyM95IyRhURAswnAJ41ZHnHPGCrUf7hMDGmgP8SgX3oSQCgtnrU
XxCvPwB+Qr25ZfDwlrXJlZ8=
=AZzx
-----END PGP SIGNATURE-----
--k+w/mQv8wyuph6w0--
--__--__--
Message: 4
Date: Thu, 22 Jun 2000 18:18:52 -0700 (PDT)
From: Lee Daniel Crocker <l...@piclab.com>
To: freenet-dev at lists.sourceforge.net
Subject: Re: [Freenet-dev] Re: KHK Metadata Proposal
Reply-To: freenet-dev at lists.sourceforge.net
> > I only lose my anonymity if someone breaks into my computer and steals the
> > private key I generated, proving I signed the data, in which case I'm
> > screwed
> > anyway.
> No, you lose anonymity period. Just because someone doesn't know who
> signed something, doesnt mean they can't consider a group of documents
> signed by the same key from the same person. Anonymity isn't just
> disconnection from your identity, its the lack of any knowledge about
> *anything* that person does.
>
> This is especially bad, because you may think you're being anonymous
> because no one knows the key, but when you're hauled into court, the
> evidence that you signed all those documents is still quite real.
>
> The only way I'm going to like this is if signatures are optional.
You're using "anonymity" here in a sense I think most of us don't.
Speech is anonymous, in the ordinary sense of the word, if the real
identity of the speaker is not identifiable--so that he can't be
sued or threatened or bombed. /Continuity/ of identity is perfectly
acceptable and even desirable--the revolutionaries /want/ to know
that each essay from their leader is really from him, even if they
don't want anyone to know who he is. Signed metadata is clearly
the best way to reliably identify documents by name, as it allows
both anonymity /and/ trust. Unsigned metadata is not reliable--
it might well be acceptable anyway, but if there are people who
intend to actively spoof it, I doubt it.
Someone concerned about being discovered can choose to further
protect himself by creating multiple signature-identities, or
changing them often, changing his writing style, and keeping better
physical control of private keys.
--
Lee Daniel Crocker <lee at piclab.com> <http://www.piclab.com/lee/>
"All inventions or works of authorship original to me, herein and past,
are placed irrevocably in the public domain, and may be used or modified
for any purpose, without permission, attribution, or notification."--LDC
--__--__--
Message: 5
Date: Thu, 22 Jun 2000 13:03:31 -0500
To: freenet-dev at lists.sourceforge.net
protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy"
From: "Scott G. Miller" <scgmi...@indiana.edu>
Subject: [Freenet-dev] Masada interview?
Reply-To: freenet-dev at lists.sourceforge.net
--KsGdsel6WgEHnImy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Did anyone else get contacted by a Drew Masada about an interview? I
don't mind granting one, but I'd rather have some backup for those things
that I'm not incredibly eloquent about.
--KsGdsel6WgEHnImy
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5UlTzpXyM95IyRhURAjZCAJ9/kCH1QGFTmIMNKhldZKSXlpdQlACfRmVk
1PE/F7cvAxY68l0BU6m65Zs=
=wPEx
-----END PGP SIGNATURE-----
--KsGdsel6WgEHnImy--
--__--__--
Message: 6
Date: Thu, 22 Jun 2000 14:03:36 -0500 (CDT)
From: Brandon <bl...@uts.cc.utexas.edu>
To: freenet-dev at lists.sourceforge.net
Subject: Re: [Freenet-dev] Masada interview?
Reply-To: freenet-dev at lists.sourceforge.net
> Did anyone else get contacted by a Drew Masada about an interview? I
> don't mind granting one, but I'd rather have some backup for those things
> that I'm not incredibly eloquent about.
Never heard of the man. Some guy with the e-mail Rainraven e-mailed
yesterday asking for an interview. It might be the same guy. I said sure,
why the heck not, let's talk about Freenet, but he hasn't gotten back to
me.
--__--__--
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
End of Freenet-dev Digest
