Tavin Cole <tcole at espnow.com> writes: > On Thu, Jan 24, 2002 at 12:10:14PM -0600, Edgar Friendly wrote: > > My argument was that now you just get back a generic "QRej", without a > > reason, you don't know which is the case. So an attacker can't use that > > information to determine the path of a request. > > > > It doesn't "compromise anonymity", it just gives an attacker more > > information than I'd like them to have. > > Well, they already get a reason string that says "route not found" or > "looped request," and they already get the HTL value at the rejecting > node. > > -tc > And I ask "why are we giving that information?" I don't see it being any use except to someone trying to trace the path of a request. Maybe it's useful for debugging (although I don't think we currently make _any_ use of it), but I'd like to have this removed by 1.0.
Thelema -- E-mail: thelema314 at bigfoot.com Raabu and Piisu GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
