Send Freenet-dev mailing list submissions to freenet-dev at lists.sourceforge.net
To subscribe or unsubscribe via the web, visit http://lists.sourceforge.net/mailman/listinfo/freenet-dev or, via email, send a message with subject or body 'help' to freenet-dev-request at lists.sourceforge.net You can reach the person managing the list at freenet-dev-admin at lists.sourceforge.net When replying, please edit your Subject line so it is more specific than "Re: Contents of Freenet-dev digest..." Today's Topics: 1. Re: KHK Metadata Proposal (Alex Barnell) 2. Re: Re: KHK Metadata Proposal (Alex Barnell) 3. Re: Re: KHK Metadata Proposal (Scott G. Miller) 4. Re: Re: KHK Metadata Proposal (Lee Daniel Crocker) 5. Masada interview? (Scott G. Miller) 6. Re: Masada interview? (Brandon) --__--__-- Message: 1 Date: Thu, 22 Jun 2000 17:37:04 +0100 From: Alex Barnell <ae...@doc.ic.ac.uk> To: freenet-dev at lists.sourceforge.net Subject: Re: [Freenet-dev] KHK Metadata Proposal Reply-To: freenet-dev at lists.sourceforge.net "Scott G. Miller" wrote: > > > > > A more advanced technique would be for a message to be sent back to the > > nodes to the effect "hey guys, this metadata is bogus: delete it please". > > Any nodes detected as trying to elliminate valid data can be added to > > the ignore list of nodes, to prevent further communicaition with them. > No, this opens up attacks that try to actively remove data. > No it wont. Data will only be removed if it was incorrectly signed (nodes always check before deleting). Any nodes who forward malicious "deleteme" messages will be refused connections thereafter. Where is the DoS attack? > > 2. I envisage a web-of-trust Metadata search, where the client software > > will sort search results based upon not only how well the Metadata matches > > the request in fuzzy-string/substring/whatever terms, but also how much > > trust the user has in the authors of the Metadata. > Thats a client issue, but its certainly possible. I think this is the > place for fuzzy logic (Ian). > I've written it up in a bit more detail at http://www.doc.ic.ac.uk/~aeb99/freenet/fntrust.txt --__--__-- Message: 2 Date: Thu, 22 Jun 2000 17:40:36 +0100 From: Alex Barnell <ae...@doc.ic.ac.uk> To: freenet-dev at lists.sourceforge.net Subject: Re: [Freenet-dev] Re: KHK Metadata Proposal Reply-To: freenet-dev at lists.sourceforge.net "Scott G. Miller" wrote: > > > > > Why even bother with unsigned metadata? It doesn't appear to have any > > great use (if signed metadata were available), and it would be a simpler > > protocol and easier to code if there was only one kind instead of two. > Because if you have to sign it, you lose anonymity. Freenet should cater > to both parties. I only lose my anonymity if someone breaks into my computer and steals the private key I generated, proving I signed the data, in which case I'm screwed anyway. --__--__-- Message: 3 Date: Thu, 22 Jun 2000 12:26:11 -0500 To: freenet-dev at lists.sourceforge.net Subject: Re: [Freenet-dev] Re: KHK Metadata Proposal protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" From: "Scott G. Miller" <scgmi...@indiana.edu> Reply-To: freenet-dev at lists.sourceforge.net --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > I only lose my anonymity if someone breaks into my computer and steals the > private key I generated, proving I signed the data, in which case I'm scr= ewed > anyway. No, you lose anonymity period. Just because someone doesn't know who signed something, doesnt mean they can't consider a group of documents signed by the same key from the same person. Anonymity isn't just disconnection from your identity, its the lack of any knowledge about=20 *anything* that person does.=20 This is especially bad, because you may think you're being anonymous because no one knows the key, but when you're hauled into court, the evidence that you signed all those documents is still quite real. =20 The only way I'm going to like this is if signatures are optional. --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5UkwzpXyM95IyRhURAswnAJ41ZHnHPGCrUf7hMDGmgP8SgX3oSQCgtnrU XxCvPwB+Qr25ZfDwlrXJlZ8= =AZzx -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- --__--__-- Message: 4 Date: Thu, 22 Jun 2000 18:18:52 -0700 (PDT) From: Lee Daniel Crocker <l...@piclab.com> To: freenet-dev at lists.sourceforge.net Subject: Re: [Freenet-dev] Re: KHK Metadata Proposal Reply-To: freenet-dev at lists.sourceforge.net > > I only lose my anonymity if someone breaks into my computer and steals the > > private key I generated, proving I signed the data, in which case I'm > > screwed > > anyway. > No, you lose anonymity period. Just because someone doesn't know who > signed something, doesnt mean they can't consider a group of documents > signed by the same key from the same person. Anonymity isn't just > disconnection from your identity, its the lack of any knowledge about > *anything* that person does. > > This is especially bad, because you may think you're being anonymous > because no one knows the key, but when you're hauled into court, the > evidence that you signed all those documents is still quite real. > > The only way I'm going to like this is if signatures are optional. You're using "anonymity" here in a sense I think most of us don't. Speech is anonymous, in the ordinary sense of the word, if the real identity of the speaker is not identifiable--so that he can't be sued or threatened or bombed. /Continuity/ of identity is perfectly acceptable and even desirable--the revolutionaries /want/ to know that each essay from their leader is really from him, even if they don't want anyone to know who he is. Signed metadata is clearly the best way to reliably identify documents by name, as it allows both anonymity /and/ trust. Unsigned metadata is not reliable-- it might well be acceptable anyway, but if there are people who intend to actively spoof it, I doubt it. Someone concerned about being discovered can choose to further protect himself by creating multiple signature-identities, or changing them often, changing his writing style, and keeping better physical control of private keys. -- Lee Daniel Crocker <lee at piclab.com> <http://www.piclab.com/lee/> "All inventions or works of authorship original to me, herein and past, are placed irrevocably in the public domain, and may be used or modified for any purpose, without permission, attribution, or notification."--LDC --__--__-- Message: 5 Date: Thu, 22 Jun 2000 13:03:31 -0500 To: freenet-dev at lists.sourceforge.net protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" From: "Scott G. Miller" <scgmi...@indiana.edu> Subject: [Freenet-dev] Masada interview? Reply-To: freenet-dev at lists.sourceforge.net --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Did anyone else get contacted by a Drew Masada about an interview? I don't mind granting one, but I'd rather have some backup for those things that I'm not incredibly eloquent about. --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5UlTzpXyM95IyRhURAjZCAJ9/kCH1QGFTmIMNKhldZKSXlpdQlACfRmVk 1PE/F7cvAxY68l0BU6m65Zs= =wPEx -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- --__--__-- Message: 6 Date: Thu, 22 Jun 2000 14:03:36 -0500 (CDT) From: Brandon <bl...@uts.cc.utexas.edu> To: freenet-dev at lists.sourceforge.net Subject: Re: [Freenet-dev] Masada interview? Reply-To: freenet-dev at lists.sourceforge.net > Did anyone else get contacted by a Drew Masada about an interview? I > don't mind granting one, but I'd rather have some backup for those things > that I'm not incredibly eloquent about. Never heard of the man. Some guy with the e-mail Rainraven e-mailed yesterday asking for an interview. It might be the same guy. I said sure, why the heck not, let's talk about Freenet, but he hasn't gotten back to me. --__--__-- _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev End of Freenet-dev Digest