-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Granted, this approach puts a degree of trust in the node(s) receiving the
> update. It brings up another issue though. When the author inserts the
> initial revision, does he not have to trust the server nodes to not alter
> his data? If I (or a server) request a key for the first time, do I have
> any way to know if the server sending the key is really sending what it
> received? Or could that node alter the data without anyone being the
> wiser? There could also be the rare instance of two people inserting the
> same key at the same time on different servers. If I was the
> author I could sign the document with a cryptographic key which the reader
> would have to obtain and validate out of band (i.e. get my public key via
> email) or make the SHA1 hash some way publicly known.. I would do this
Yes.  Content Hash Keys, the foundation of Freenet, are encrypted by the
hash of the plaintext, then inserted under the hash of the
ciphertext.  The server never knows the plaintext, or the decryption key,
so it is physically incapable of modifying the data.  It can only return
meaningless garbage.

> Yes, the hash idea may not be a solution for updates, but it has been
> noted that it is secure for deletes.
Deletes are not possible in Freenet, and should not be.  Please read up on
the philosophy.

> As an update solution it is weak, but not the weakest link in the chain as
> that would be the original insert.
No, the insert is very strong.  Only if an adversary has surrounded that
node so that all it sees are men-in-the-middle will an insert be
compromised.

> 
> > Updating documents has to require asymmetric crypto because you have
> > to be able to identify yourself as the previous author without giving
> > them a chance to identify themselves as the authors.
> 
> As long as the original was not altered by a server along the way..
It can't be, for above reasons.

> 
> I appreciate your understanding and helpful comments; perhaps I should
> have stated in my earlier message that I have just joined the mailing list
> and am therefore at a loss as to what has already been discussed. Oh wait, I
> did say that.
The best thing to do when coming in as a new person is to spend time
reading as much as you can about the project.  That means all information
from the website and at least a month or two from the mailing lists.  You
don't do yourself any favors by proposing sweeping changes without a core
understanding about what Freenet is trying to achieve, and how it does it.

        Scott

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5Eq7LpXyM95IyRhURAhHoAKCcGV3CqSR8zRISd7Mr5gslvxPqAgCbBB9I
X50/ncmvhOuxDz7Xr+C1z5k=
=YMdo
-----END PGP SIGNATURE-----


_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
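
The Content Hash Key scheme described in the reply above (encrypt under the hash of the plaintext, insert under the hash of the ciphertext), as an added example that is not part of the original message and is not Freenet's code. Assumptions: SHA-256 and a hash-based XOR keystream stand in for Freenet's actual hash and cipher, and all function names are hypothetical.

```python
import hashlib

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption, not Freenet's): XOR the data with a
    # keystream of SHA-256(key || block offset). Symmetric, so it also decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def chk_insert(plaintext: bytes):
    """Author side. Returns (routing_key, decryption_key, ciphertext).
    Only routing_key and ciphertext are ever handed to a node."""
    dec_key = hashlib.sha256(plaintext).digest()        # hash of the plaintext
    ciphertext = _keystream_xor(dec_key, plaintext)
    routing_key = hashlib.sha256(ciphertext).digest()   # hash of the ciphertext
    return routing_key, dec_key, ciphertext

def chk_fetch(routing_key: bytes, dec_key: bytes, returned: bytes) -> bytes:
    """Reader side. Raises ValueError if the node returned altered data."""
    if hashlib.sha256(returned).digest() != routing_key:
        raise ValueError("ciphertext does not hash to the requested key")
    plaintext = _keystream_xor(dec_key, returned)
    if hashlib.sha256(plaintext).digest() != dec_key:
        raise ValueError("plaintext does not hash to the decryption key")
    return plaintext

def tamper_detected(routing_key: bytes, dec_key: bytes, ciphertext: bytes) -> bool:
    """Simulate a node flipping one bit of the stored ciphertext."""
    altered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    try:
        chk_fetch(routing_key, dec_key, altered)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    doc = b"constructed sample document, revision 1"  # constructed input
    rk, dk, ct = chk_insert(doc)
    node_store = {rk: ct}              # everything the node sees: key -> ciphertext
    print(chk_fetch(rk, dk, node_store[rk]) == doc)   # honest node
    print(tamper_detected(rk, dk, ct))                # altering node
```

Because both keys are derived from the content itself, the reader still has to obtain the key pair from a source they trust; the check only proves that the returned data matches that key.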