On Wednesday 01 August 2007 21:23, NextGen$ wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2007-07-26 20:01:34]: > > On Thursday 26 July 2007 04:14, NextGen$ wrote: > > > * Matthew Toseland <toad at amphibian.dyndns.org> [2007-07-25 18:39:11]: > > > > I propose that darknet nodes be allowed to forward announcements and > > > > path folding messages (ConnectDestination etc), without including > > > > their own noderefs. > > > > > > > > Any objections? > > > > > > _o/ > > > It's a bad idea. > > > Be informed that my node wont behave that way... > > > > Why, precisely, is it a bad idea? As far as I can tell it doesn't > > compromise the nodes which only relay and never send their own noderef? > > It makes flow analysis related attackes both trivial and more effective.
Only if it's done in a braindead way. Of course it has been, but it will be fixed (the current way risks fragmentation, as well as being a security issue). The following bugs are related to this: https://bugs.freenetproject.org/view.php?id=1566 https://bugs.freenetproject.org/view.php?id=1571 https://bugs.freenetproject.org/view.php?id=1570 https://bugs.freenetproject.org/view.php?id=1569 https://bugs.freenetproject.org/view.php?id=1568 > > I'm really dissapointed that you implemented it before leaving me time to > respond. You did so even though I explained to you my concerns on IRC... > > I told you about an attack vector (flow analysis using request size - > arguably already present but currently not easily exploitable) then we > disccused about workarounds (padding noderefs, limitating the number of > refs per request) and didn't manage to find any 'good' solution. There is only one ref per request. And transferring the noderef as a bulk transfer with a fixed size of say 2kB (four 512 byte packets, assuming data transfer is also in 512 byte packets, or two 1024 byte packets) would entirely solve the problem. I do agree that variable sized fields are a big deal. > > Your implementation doesn't even feature basic workarounds we talked about > and you have enabled that 'risky' option by default :( > > I don't mind about opennet beeing insecure but don't lower artificially the > security level provided by darknet. Even the current implementation will significantly help opennet (once it's been debugged), and give another reason to have darknet connections. Saying that people will just get them from #freenet-refs is nonsense, because #freenet-refs is worthless: it's a great way to get bad (newbie, slow, soon to leave) peers, and it costs a lot of time. > > NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070806/e59a4f9d/attachment.pgp>
