On Fri, Nov 08, 2002 at 10:27:02AM -0800, thirty at hushmail.com wrote:
>
> As promised, architectural notes:
>
> Gatekeeper:
>
> Provides a mechanism for freenet to fetch content from other protocols in a
> distributed, anonymous manner and insert it into freenet.
>
> Architectural Notes:
>
> The gatekeeper is a framework for allowing freenet to get data from other
> protocols and insert it when it can't find that data in freenet. It does this
> in a distributed anonymous manner.
>
> When a query runs out of hops to live, or when a DataPending request gets a
> Data Not Found message, freenet then asks the GateKeeper for the data. The
> GateKeeper checks if the request is in the insertion keyspace of any of its
> gateways, and if it is, asks that gateway to get the data. Once the data is
> returned from the gateway, it is inserted into freenet with a 1 day DBR.

See hobx's objection.

>
> In order for gateways to have enough information to fetch data from another
> protocol, an extension has been made to the freenet protocol. A "GatewayHint"
> has been added to requests which contains the original freenet URI of the
> request. Unfortunately, this hint makes freenet a bit more vulnerable to
> traffic analysis by a hostile node. A hostile node can see what was requested
> just by looking at the hint. Without the hint, the hostile node would have to
> do the extra work of actually looking up the data requested to see what it
> is. Because of this, whether or not the gateway hint is added to a request is
> configurable. If you don't want the hint added, set the addGatewayHint
> parameter to false. This also means that your requests will never proxy out
> to another protocol.
>
> Freenet documents are assumed to be static. This is not true of other
> protocols. For this reason, the GateKeeper inserts with a one day DBR.
> Functionally, this is equivalent to a 1 day cache of the other protocol.
> Because of the re-direct, this depends upon freenet's routing to be working
> well. The insert takes place several hops away from where the request
> originated and returns the re-direct. If routing is not working, the insert
> could put the actual data where it won't be found by the original requester
> when it follows the redirect. Thus, paradoxically, decreasing hops to live
> actually increases the reliability of the proxy gateway mechanism.

Hmmm. I'm inclined to think that we should insert the metadata properly
and have gatewayhint purely for fetching the CHK...

>
> Implementation notes:
>
> To proxy out to urls that have question marks in them, as many Wiki systems
> do, question marks and colons in urls are escaped. There is no support of the
> post.
>
> Gateway Developer Notes:
>
> So, you're feeling ambitious and would like to create a gateway for freenet
> to slurp data from your favourite protocol in a distributed anonymous way. In
> order to create a gateway out to another protocol such as news or gnutella,
> what you have to do is to create a class that implements
> freenet.node.gatekeeper.Gateway. Your class must understand your protocol
> well enough to provide a freenet.node.gatekeeper.TypedBucket that gets data
> from your protocol.
>
> If you are looking for an example, freenet.node.gatekeeper.url.UrlGateway is
> a gateway to the protocols that java natively supports with a URL.
>
> Once you have implemented your gateway, add your gateway class to the list of
> gateway classes in the gatekeeper.gateways option. The GateKeeper will use
> reflection to instantiate your class and add it to its internal array of
> gateways.
>
> User Documentation:
>
> Freenet can function as a distributed, anonymous, caching proxy/gateway out
> to other protocols. How your node participates as a gateway to other
> protocols is up to you. The following options control the behavior of all
> gateways. Note that there are additional options for individual gateways.
>
> addGatewayHint:
>
> Controls whether your node generates queries that may gateway out to other
> protocols.
>
> gatekeeper.gateways :
>
> A list of gateways that your node supports. Currently there is only a "url"
> gateway that proxies out to http and ftp. If you don't want your freenet node
> to ever proxy out to other protocols in response to requests, set this to an
> empty string.
>
> gatekeeper.insertHTL :
>
> The hops to live that the GateKeeper uses when it inserts data fetched from
> some gateway.
>
>
> Url gateway:
>
> An example gateway that allows freenet to function as a caching, distributed,
> anonymous gateway to protocols that java can natively address as a URL. This
> lets freenet proxy out to http, https, and ftp.
>
> User Documentation:
>
> The URL gateway allows freenet to function as a distributed, anonymous,
> caching proxy to the web, not entirely unlike peekabooty. By default, http is
> inserted at freenet:KSK@http/, https is inserted at KSK@https/, and ftp
> is inserted at freenet:KSK@ftp. Thus to get at
> http://www.foo.org/index.html, you would request
> KSK@http/www.foo.org/index.html.
>
> Because the UrlGateway inserts KSKs, it is easy to insert bogus material. You
> can't trust that what you fetch from freenet was pulled from the net rather
> than inserted manually by someone with a mischievous streak.
>
> Authoritative mirrors of particular portions of the web may be set up by
> groups of people by using SSK keys. Let's walk through an example of how to
> do this.
>
> Suppose a group of people are irritated because some prankster has inserted
> the complete works of William Shakespeare where the UrlGateway would normally
> put their favourite website, http://www.phreenet.org. The first thing these
> people have to do is to somehow distribute amongst themselves the private key
> for the SSK where they will be inserting the website.
>
> Once they have the private key, each person modifies their
> gatekeeper.urlGateway.insertionPoints and gatekeeper.urlGateway.proxyPoints
> options so their gateways will insert http://www.phreenet.org under the SSK,
> like this:
>
> gatekeeper.urlGateway.insertionPoints=SSK@SOMEPRIVATEKEY/phreenet/,KSK@http/,freenet:KSK@https/,freenet:KSK@ftp
>
> gatekeeper.urlGateway.proxyPoints=http://www.phreenet.org/,http://,https://,ftp://
>
>
> And that's all there is to it, with the following caveats:
>
> Since the private key sits in the freenet.conf file, this private key is
> vulnerable. If you are also inserting controversial material, use a different
> private key.
> This method of mirroring is not as anonymous as just inserting data into
> freenet.
> It takes a number of freenet nodes to mirror a site this way reliably. The
> number of nodes is related to the chance of a query getting to one of the
> nodes during a random walk. This is related to the size of freenet itself.
> For papers on finding replicated items with a random walk in a network, see:
> http://parapet.ee.princeton.edu/~sigm2002/papers/p258-lv.pdf
>
> Storing Data Permanently:
>
> Periodically, people complain about how freenet can't store data permanently.
> They would like their node to not forget particular things. Of course, there
> are two problems with a node that doesn't forget particular keys. First of
> all, it isn't very anonymous if your node is the "authoritative node" for a
> particular key. Secondly, the freenet network will forget the route to the
> key even if your node does not forget the key itself.
>
> If you don't believe this, here is your chance to experiment and learn the
> hard way. Use the UriGateway and file: urls to proxy out to files on your
> hard-drive. You'll soon discover that while you can always get to them from
> your freenet node, the same will not be true of other nodes.
>
-- 
Matthew Toseland
toad at amphibian.dyndns.org
amphibian at users.sourceforge.net
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02.
http://freenetproject.org/
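
The insertionPoints/proxyPoints walkthrough in the quoted message, as an added example that is not part of the original thread or the Freenet code base: it resolves a URL to the key a gateway would use and reports whether that key sits under an SSK or under a KSK that anyone can insert to. Assumptions not stated in the message: the two options are parallel lists, the first matching prefix wins, and `?` and `:` are percent-escaped; all function names are hypothetical.

```python
from urllib.parse import quote

# Option values from the walkthrough (SOMEPRIVATEKEY is the message's own
# placeholder). Keys use Freenet's TYPE@ syntax.
INSERTION_POINTS = "SSK@SOMEPRIVATEKEY/phreenet/,KSK@http/,freenet:KSK@https/,freenet:KSK@ftp"
PROXY_POINTS = "http://www.phreenet.org/,http://,https://,ftp://"


def parse_points(insertion_points, proxy_points):
    """Pair each proxy prefix with its insertion point; reject uneven lists."""
    ins = [p.strip() for p in insertion_points.split(",") if p.strip()]
    prox = [p.strip() for p in proxy_points.split(",") if p.strip()]
    if len(ins) != len(prox):
        raise ValueError("insertionPoints and proxyPoints differ in length")
    return list(zip(prox, ins))


def key_type(point):
    """Return 'SSK' or 'KSK', ignoring an optional 'freenet:' prefix."""
    if point.startswith("freenet:"):
        point = point[len("freenet:"):]
    return point.split("@", 1)[0]


def resolve(url, pairs):
    """Map a URL to (key, under_ssk). Assumed rule: first matching prefix wins."""
    for prefix, point in pairs:
        if url.startswith(prefix):
            # Assumed encoding: percent-escape everything but '/' so that
            # '?' and ':' never appear in the key path.
            rest = quote(url[len(prefix):], safe="/")
            sep = "" if point.endswith("/") else "/"
            return point + sep + rest, key_type(point) == "SSK"
    return None, False


def audit(urls, pairs):
    """Return the URLs that resolve to a KSK, i.e. content anyone could have inserted."""
    flagged = []
    for url in urls:
        key, under_ssk = resolve(url, pairs)
        if key is not None and not under_ssk:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    pairs = parse_points(INSERTION_POINTS, PROXY_POINTS)
    for u in ("http://www.phreenet.org/index.html", "http://www.foo.org/index.html"):
        print(u, "->", resolve(u, pairs))
```

Under the first-match assumption, listing `http://` ahead of `http://www.phreenet.org/` would silently send the mirrored site back to the spoofable KSK, which is what `audit` is there to catch.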
