It solves #2- Don't run things you get in e-mail.. Instead of requiring a Noderef, allow someone to connect with just a password, and the IP address. This is something you can TELL someone, or say in an IM, no file transfer required.
Dave Baker wrote: > On Monday 05 March 2007 18:02:42 Colin Davis wrote: >> I know it's less secure, but what about simply allowing people to >> connect to your machine if they know a passphrase? The passphrase would >> take the place of the Key, but be user-settable, and short. > > That doesn't solve either problem though, surely? > > my 2p on #freenet: > > [17:48] <dbkr> as far as both-way-adding goes, I think that's where we reach > a > tradeoff with security, which is one of the main challanges for Freenet. > [17:49] <dbkr> I'm not convinced the whole difficulty of exchanging refs > isn't > a red herring - everyone can handle emailing a file. > > I'm definately in favour of the ability to burn a CD with an installer on it > that installs a node with your reference pre-bundled, although I think > leaving the installer out for an emailed-version means it's nothing the user > couldn't do themselves. > > > Dave > > >> >> >> If that were in place, you could send an e-mail saying: >> >> Hey Jon, I just found this cool new thing called freenet, which lets you >> get to all sorts of sites which aren't on the normal web! It's >> anonymous, and free, you should check it out. It works by connecting >> through each other's computers, but I'll let you connect to me to get >> started. >> >> Go to FreenetProject.org and download it, then give it my hostname, >> which is XXXXXXX and give it the connection passphrase "IamNotEvil". >> >> Don't give anyone else that information, or it won't work. It'll only >> allow one connection.. After your up, you can connect to other friends, >> and everyone's connection gets faster. >> >> I'm on IM if you want to talk about it. >> -Person you Know. >> >> Matthew Toseland wrote: >>> We will only get a darknet if it is really easy to swap references with >>> your friends - opennet or no opennet. >>> >>> The original idea for Freenet 0.7 reference swapping was that you: >>> - Go to your node, and ask it to create a bundle. >>> - Send the bundle to your friends. >>> - They unzip it and run it to install Freenet. >>> - The bundle includes your noderef. >>> - It also includes a one-time key that allows the node to automatically >>> connect to yours despite yours not having their noderef yet. >>> >>> There are two big problems with this: >>> >>> 1) Everyone and his dog is behind a NAT. This means in order to connect >>> you must have already exchanged references, full stop. THIS SUCKS. It >>> also affects connectivity for newbies in a bad way (which is important >>> IMHO). >>> >>> 2) Generally people shouldn't run programs that they receive in emails! >>> >>> Solution to the first one - and to newbie connectivity issues - is to >>> implement UP&P and hope that routers implement it properly in future - >>> is this a realistic hope? >>> >>> Solution to the second one is to just send the noderef and a link to the >>> website, and only use full bundles when e.g. giving somebody a CD-R >>> (which we should make really easy). >>> >>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm >>> not sure how well this would work for newbies, and in any case I set up >>> a darknet-tools list for people to talk about this and nobody has even >>> talked about it since a few days after it was set up, let alone done >>> anything. >>> >>> <_ph00> so the basic problem is "how to safely exchage refs", and the >>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the >>> only one to think that's very stupid? >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Devl mailing list >>> Devl at freenetproject.org >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >> _______________________________________________ >> Devl mailing list >> Devl at freenetproject.org >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
