It turns out that since ARKs have to update the node references in the routing table, which are signed and are routinely passed on to other nodes, we need to insert in the ARK not just the physical sub-fieldset, but the whole node reference fieldset. Which we then have to either accept whole and use it to replace the old one, or ignore. Now, are there any changes that we don't want a node to be able to do to its own reference via an ARK? For example, do we want it to be able to change its own identity (which would require some interface changes, and some other code (collision detection) in rt/). This would mean that you could set up several nodes, have each one announce, then update each of their ARKs to point to one ubernode, which would then have lots of references... whether or not this is an attack, if it is possible and gets traffic then sooner or later some custom node/client will do it... is it desirable to have this possibility? Also if it were implemented there is another question w.r.t. collision detection - if a noderef changes its identity to that of another noderef already in the routing table (this will be signed by both the old and new identities, it is authorized), should we try to merge the two noderefs' keys? Or just dump one of them? Which one? On the other hand, changing your public key might be regarded as a security measure - rapidly rendering any crack of your original pubkey useless.
Input would be appreciated. -- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021221/ac737f34/attachment.pgp>
