I don't understand why a password and IP address is easier than a one-time reference. I suppose it has the advantage of being able to write it down - but for it to be secure it would need to be a one-time password; you'd need to generate a new one every time ...
Hmmm. Maybe we should provide both mechanisms? On Mon, Mar 05, 2007 at 01:13:43PM -0500, Colin Davis wrote: > It solves #2- Don't run things you get in e-mail.. > > Instead of requiring a Noderef, allow someone to connect with just a > password, and the IP address. This is something you can TELL someone, or > say in an IM, no file transfer required. > > Dave Baker wrote: > > On Monday 05 March 2007 18:02:42 Colin Davis wrote: > >> I know it's less secure, but what about simply allowing people to > >> connect to your machine if they know a passphrase? The passphrase would > >> take the place of the Key, but be user-settable, and short. > > > > That doesn't solve either problem though, surely? > > > > my 2p on #freenet: > > > > [17:48] <dbkr> as far as both-way-adding goes, I think that's where we > > reach a > > tradeoff with security, which is one of the main challanges for Freenet. > > [17:49] <dbkr> I'm not convinced the whole difficulty of exchanging refs > > isn't > > a red herring - everyone can handle emailing a file. > > > > I'm definately in favour of the ability to burn a CD with an installer on > > it > > that installs a node with your reference pre-bundled, although I think > > leaving the installer out for an emailed-version means it's nothing the > > user > > couldn't do themselves. > > > > > > Dave > > > > > >> > >> > >> If that were in place, you could send an e-mail saying: > >> > >> Hey Jon, I just found this cool new thing called freenet, which lets you > >> get to all sorts of sites which aren't on the normal web! It's > >> anonymous, and free, you should check it out. It works by connecting > >> through each other's computers, but I'll let you connect to me to get > >> started. > >> > >> Go to FreenetProject.org and download it, then give it my hostname, > >> which is XXXXXXX and give it the connection passphrase "IamNotEvil". > >> > >> Don't give anyone else that information, or it won't work. It'll only > >> allow one connection.. After your up, you can connect to other friends, > >> and everyone's connection gets faster. > >> > >> I'm on IM if you want to talk about it. > >> -Person you Know. > >> > >> Matthew Toseland wrote: > >>> We will only get a darknet if it is really easy to swap references with > >>> your friends - opennet or no opennet. > >>> > >>> The original idea for Freenet 0.7 reference swapping was that you: > >>> - Go to your node, and ask it to create a bundle. > >>> - Send the bundle to your friends. > >>> - They unzip it and run it to install Freenet. > >>> - The bundle includes your noderef. > >>> - It also includes a one-time key that allows the node to automatically > >>> connect to yours despite yours not having their noderef yet. > >>> > >>> There are two big problems with this: > >>> > >>> 1) Everyone and his dog is behind a NAT. This means in order to connect > >>> you must have already exchanged references, full stop. THIS SUCKS. It > >>> also affects connectivity for newbies in a bad way (which is important > >>> IMHO). > >>> > >>> 2) Generally people shouldn't run programs that they receive in emails! > >>> > >>> Solution to the first one - and to newbie connectivity issues - is to > >>> implement UP&P and hope that routers implement it properly in future - > >>> is this a realistic hope? > >>> > >>> Solution to the second one is to just send the noderef and a link to the > >>> website, and only use full bundles when e.g. giving somebody a CD-R > >>> (which we should make really easy). > >>> > >>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > >>> not sure how well this would work for newbies, and in any case I set up > >>> a darknet-tools list for people to talk about this and nobody has even > >>> talked about it since a few days after it was set up, let alone done > >>> anything. > >>> > >>> <_ph00> so the basic problem is "how to safely exchage refs", and the > >>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the > >>> only one to think that's very stupid? > >>> > >>> > >>> ------------------------------------------------------------------------ > >>> > >>> _______________________________________________ > >>> Devl mailing list > >>> Devl at freenetproject.org > >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > >> _______________________________________________ > >> Devl mailing list > >> Devl at freenetproject.org > >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070305/f6fc4ba8/attachment.pgp>
