On Thu, Nov 14, 2002 at 05:46:20PM -0800, Ian Clarke wrote: > On Thu, Nov 14, 2002 at 08:08:14PM -0500, harik at chaos.ao.net wrote: > > The same way you keep your PGP key secure. Don't Share. > > Trust me, a half-motivated government or powerful organization could get > your PGP key very easily. Break into your house, install a bug in your > keyboard, or a modified version of GnuPG, and the next time you enter > your PGP password, they have it. The only thing that stops them is that > there probably isn't a good reason, but if Freenet really started to Plus, it's probably easier to get in electronically. This drops the threshold significantly. > take off - there would have more than enough motivation to do this to > one of the Freenet developers. > > > I'd suggest Web-of-Trust. Either internal to freenet or using PGP > > keyservers. Sign a .JAR with a short-expiration key (on the order of > > weeks or months) Sign that key with Ian's key. (Cross signed with > > Oskar, Matthew, etc) Now we have a distribution key, known to one > > person (The "distribution officer") with a short duration. > > And what happens when (not if - WHEN) our well-motivated opponents get > my private key? Freenet is dead already in the presence of well motivated rich opponents (electronically, illegally: map all the nodes, DoS; legally/legislatively: get a judgement or a law that freenet is an evil illegal filesharing tool). But we shouldn't be adding new vulnerabilities :). > > Ian. > > -- > Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] > Latest Project http://cematics.com/kanzi > Personal Homepage http://locut.us/
-- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021115/f28679fe/attachment.pgp>
