On Wed, Feb 28, 2001 at 04:05:46PM -0600, Steven Hazel wrote: > Matthew Toseland <mtoseland at cableinet.co.uk> writes: > > > On Wed, Feb 28, 2001 at 03:45:59PM -0600, Steven Hazel wrote: > > > You'll get key insertion via freenet, of course... > > > For actual data, yes. For inserting keys into an index, email is > > ideal. Email over freenet is not what we need for this, as email > > over freenet is upside down (you listen to other people's outboxes, > > only those you know about); > > I don't think that's true. Last I heard, EOF email over freenet had > inboxes rather than outboxes. Anyway, I'm not talking about using > email over Freenet, I'm talking about designing a mechanism in Freenet > specifically for inserting keys into an index. > > > any freenet insertion mechanism would be horrendously prone to > > flooding. Of course you can spam an email mechanism too, but email > > is a point to point mechanism, and the cost of sending an email > > doesn't rise with the amount of spam in the system, although the > > latency does. > > Spam in Freenet also won't crash your server. Anonymous remailers have to automatically throttle traffic. A pseudonym is normally limited to 10MB/day, and 1MB/message. Note that the pseudonym server doesn't know the destination address or the origin address, it just keeps a reply block and accepts messages for it, which hopefully have been through a chain of mixmasters first, so they are also anonymous.
The index system requires that we: 1. fetch the date updating index base 2. start at serial number 0 3. binary or linear search to find the last index file 4. insert data at the next available number So each index would be something like KSK at keyindex-20010415-0000128 KSK@<key root>-<date>-<serial number> Spamming this is a very easy attack that consumes an enormous amount of time on ANY client trying to insert data, with world writable index files, which are needed for insertion into indexes over freenet. The spammer does not necessarily have to insert all the indexes between #0 and #1M; but if he doesn't, client countermeasures may have some benefit. Regardless, it's a losing battle, and the spammer can pre-spam as well - spam for dates in the future. Any adversary with remotely reasonable resources could do an awful lot of damage. Over email, he can send the keyindex holder millions of emails, thus DoS'ing him, possibly, but the effect of spamming a freenet public index is probably much greater, consuming an arbitrary amount of time of every individual who attempts to insert data. There is still a single point of failure, the nymservers, however these are reasonably well protected and have stood up so far against the CDA et al, and the remailer network will stop listening to hosts that send too much data. Of course you can do a traditional DDoS against these sites. Certainly if it was possible to do it in freenet that would be great, but there are major issues with that. Any index can be flooded, but the cost of flooding an in-freenet world writable freenet index is certainly no less than the cost of flooding an email address, arguably much cheaper, and the spammer gets to stay anonymous. The ideal mechanism is for numerous portal sites to spring up, linking to as well as copying each others' content, with anonymous public contact details and a web of trust amongst sites, by which they could use poll-outboxes freenet email with complete anonymity. But right now we have GJ, who can't index illegal stuff much, Aardvark, who has dropped off the face of the freenet, a few mirrors of external web sites and a musician's homepage. A physical web site/form as you have now can be trivially DoS'd and even taken by threatening letter, hence the desire for anonymity and multiplicity. Thanks to the single points of failure introduced in one model and the flaws in the other model, we should probably use both systems. > > > Freenet is a publishing system, not an email system. > > I think it'll work fine. > > > It would also allow keyindexes to be run anonymously, which is also > > useful. And keyindexes will be with us for some time, if only for > > the portal owners (lament the lost Aarvark) to read new content to > > index from. > > How does an email key insert mechanism allow keyindex to run > anonymously? Very easily. Get a nym.alias.net pseudonym, for example by using Mixmaster 3 or your favourite client. Get a freenet subspace. Download the existing indexes once per day in a cron job and merge them into your local index. Insert your local index into freenet daily. Send a link to the existing freenet indexes, anonymously of course, or to ask freenet-dev to include a link to your index (we should have several anonymous indexes to minimize the chances of one going down). Build a procmail script to accept keys from email and insert them into your local database, and you're done. Insertion of the index into freenet is as anonymous as inserting any other date updating page, i.e. fairly, and getting new keys into the index is anonymous for both the sender and the keyindex owner. > -S > -- The road to Tycho is paved with good intentions... _______________________________________________ Devl mailing list Devl at freenetproject.org http://www.uprizer.com/mailman/listinfo/devl
