If I may suggest... In a password-based connection establishment the user has to interact with the node anyway (either to set or view the password to convey it). As I understand it, an established node must already have a working NAT hole with its external address and port known. So why not have the node supply this short (copy/pastable, IM-able, conversational) string?
e.g. User enters "foriemdhs" as a new connection password, to which the node responds...

"Accepted, here is a url to your node: foriemdhs at 43.213.43.1:54533"

With the pinhole information, the new node can then send to the established node its reference; yet the new node most likely does not know its external address. However, wouldn't the source-address from the udp packets be the new node's external address 99% of the time?

Perhaps this would not work if the node's pinhole changes frequently.

--
Robert Hailey

On Mar 6, 2007, at 10:42 AM, Matthew Toseland wrote:

> Well, if you are exchanging electronically, you are probably able to move the latter as easily as the former, no?
>
> Sadly no, because of the [ insert favourite expletive ] NATs which kill DCC. But you can move a small file with IM clients, surely? It's moving a file and then double clicking on it or even executing it in place, versus copying a line of text manually.
>
> So it would be easier for IRC and other stuff crippled by NATs. Would it be easier for anything practically used by semi-geek (rather than ubergeek) users?
>
> Also you can write it down. However, because it would probably have to be a one-time password (for security when dealing with newbies; if it's a two way exchange, you could maybe have more permanent passwords, at a cost in security), you can't remember it and write it down. And even if it wasn't one-time, you probably can't write it down anyway if you don't have a semistatic IP - but a lot of people *do* have semistatic IPs...
>
> Anyway, it would help in some cases, sure. So we should probably have both.
>
> On Tue, Mar 06, 2007 at 09:05:56AM -0600, Ian Clarke wrote:
>> You don't understand why:
>>
>> 43.213.43.1:54533:foriemdhs
>>
>> ...is easier than...
>> >> identity=MZHvIrRsHRLqqTaEN-S5lLpeD8yk572zFfPFxsCsS-M >> location=0.16978598221719554 >> testnet=false >> myName=SanityMBP >> lastGoodVersion=Fred,0.7,1.0,1009 >> sig=1fd90af28fddd96d0b159c7bd93658f9267b84dbacef75bc400074258eabe81e, >> 433cac175114111647b4d1e0af84448c34620adb6accf307e14daf72960a8048 >> version=Fred,0.7,1.0,1009 >> dsaPubKey.y=Xw1RbImKwC5EYlfOZtvV0nUz- >> ujplXfW6IHq125LfajUe2m6sA~IHwvu75wtCvdp~TgjNlgddQMhVBtOkhvSIr1cdiWFYq >> SaeULGFDeFJdON8PZj1Apt7IN2xIVh17WUA99JoeZhCKUH9d- >> nKubllovx0qFyVpezkPaluWhQrOx0JCYEYJOmah5xIUlvdPfG7bkSWGnWDq5VfJAQTIW~ >> XW2CBjtXh1jbsfOAE1l9k35JY44jNJ4Ehq- >> qlPLYO1gqpHE~HsikKxYFGX3FcByxRIYCTxVTSfO9bx6vAxzaBQnDIC6zthhzKJAezRJE >> M~YZ4zZA0q39~0Y8eKK1yIrSOQ >> physical.udp=sanity1.dyndns.org:14505;76.167.194.83:14505 >> dsaGroup.g=UaRatnDByf0QvTlaaAXTMzn1Z15LDTXe-J~gOqXCv0zpz83CVngSkb-- >> bVRuZ9R65OFg~ATKcuw8VJJwn1~A9p5jRt2NPj2EM7bu72O85- >> mFdBhcav8WHJtTbXb4cxNzZaQkbPQUv~gEnuEeMTc80KZVjilQ7wlTIM6GIY~ZJVHMKSI >> kEU87YBRtIt1R~BJcnaDAKBJv~oXv1PS-6iwQRFMynMEmipfpqDXBTkqaQ8ahiGWA41rY >> 8d4jDhrzIgjvkzfxkkcCpFFOldwW8w8MEecUoRLuhKnY1sm8nnTjNlYLtc1Okeq- >> ba0mvwygSAf4wxovwY6n1Fuqt8yZe1PDVg >> dsaGroup.q=ALFDNoq81R9Y1kQNVBc5kzmk0VvvCWosXY5t9E9S1tN5 >> dsaGroup.p=AIYIrE9VNhM38qPjirGGT-PJjWZBHY0q- >> JxSYyDFQfZQeOhrx4SUpdc~SppnWD~UHymT7WyX28eV3YjwkVyc~-- >> H5Tc83hPjx8qQc7kQbrMb~CJy7QBX~YSocKGfioO- >> pwfRZEDDguYtOJBHPqeenVDErGsfHTCxDDKgL2hYM8Ynj8Kes0OcUzOIVhShFSGbOAjJK >> jeg82XNXmG1hhdh2tnv8M4jJQ9ViEj425Mrh6O9jXovfPmcdYIr3C~3waHXjQvPgUiK4N >> 5Saf~FOri48fK-PmwFZFc-YSgI9o2-70nVybSnBXlM96QkzU6x4CYFUuZ7- >> B~je0ofeLdX7xhehuk >> ark.pubURI=SSK at 1CA0TRYSSEnK~Tj7- >> OqVajmsqS85iUVhjmuz8EU9HQs,MuvO8pTCCPCTqUIMpkEXUBu55nV2DgiGjhSgr~9FY0 >> I,AQABAAE/ark >> ark.number=128 >> End >> >> I think it speaks for itself. >> >> Ian. >> >> On 3/5/07, Matthew Toseland <toad at amphibian.dyndns.org> wrote: >>> I don't understand why a password and IP address is easier than a >>> one-time reference. 
>>> I suppose it has the advantage of being able to write it down - but for it to be secure it would need to be a one-time password; you'd need to generate a new one every time ...
>>>
>>> Hmmm. Maybe we should provide both mechanisms?
>>>
>>> On Mon, Mar 05, 2007 at 01:13:43PM -0500, Colin Davis wrote:
>>>> It solves #2- Don't run things you get in e-mail..
>>>>
>>>> Instead of requiring a Noderef, allow someone to connect with just a password, and the IP address. This is something you can TELL someone, or say in an IM, no file transfer required.
>>>>
>>>> Dave Baker wrote:
>>>>> On Monday 05 March 2007 18:02:42 Colin Davis wrote:
>>>>>> I know it's less secure, but what about simply allowing people to connect to your machine if they know a passphrase? The passphrase would take the place of the Key, but be user-settable, and short.
>>>>>
>>>>> That doesn't solve either problem though, surely?
>>>>>
>>>>> my 2p on #freenet:
>>>>>
>>>>> [17:48] <dbkr> as far as both-way-adding goes, I think that's where we reach a tradeoff with security, which is one of the main challenges for Freenet.
>>>>> [17:49] <dbkr> I'm not convinced the whole difficulty of exchanging refs isn't a red herring - everyone can handle emailing a file.
>>>>>
>>>>> I'm definitely in favour of the ability to burn a CD with an installer on it that installs a node with your reference pre-bundled, although I think leaving the installer out for an emailed-version means it's nothing the user couldn't do themselves.
>>>>>
>>>>> Dave
>>>>>
>>>>>> If that were in place, you could send an e-mail saying:
>>>>>>
>>>>>> Hey Jon, I just found this cool new thing called freenet, which lets you get to all sorts of sites which aren't on the normal web! It's anonymous, and free, you should check it out.
>>>>>> It works by connecting through each other's computers, but I'll let you connect to me to get started.
>>>>>>
>>>>>> Go to FreenetProject.org and download it, then give it my hostname, which is XXXXXXX and give it the connection passphrase "IamNotEvil".
>>>>>>
>>>>>> Don't give anyone else that information, or it won't work. It'll only allow one connection.. After you're up, you can connect to other friends, and everyone's connection gets faster.
>>>>>>
>>>>>> I'm on IM if you want to talk about it.
>>>>>> -Person you Know.
>>>>>>
>>>>>> Matthew Toseland wrote:
>>>>>>> We will only get a darknet if it is really easy to swap references with your friends - opennet or no opennet.
>>>>>>>
>>>>>>> The original idea for Freenet 0.7 reference swapping was that you:
>>>>>>> - Go to your node, and ask it to create a bundle.
>>>>>>> - Send the bundle to your friends.
>>>>>>> - They unzip it and run it to install Freenet.
>>>>>>> - The bundle includes your noderef.
>>>>>>> - It also includes a one-time key that allows the node to automatically connect to yours despite yours not having their noderef yet.
>>>>>>>
>>>>>>> There are two big problems with this:
>>>>>>>
>>>>>>> 1) Everyone and his dog is behind a NAT. This means in order to connect you must have already exchanged references, full stop. THIS SUCKS. It also affects connectivity for newbies in a bad way (which is important IMHO).
>>>>>>>
>>>>>>> 2) Generally people shouldn't run programs that they receive in emails!
>>>>>>>
>>>>>>> Solution to the first one - and to newbie connectivity issues - is to implement UPnP and hope that routers implement it properly in future - is this a realistic hope?
>>>>>>>
>>>>>>> Solution to the second one is to just send the noderef and a link to the website, and only use full bundles when e.g. giving somebody a CD-R (which we should make really easy).
>>>>>>>
>>>>>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm not sure how well this would work for newbies, and in any case I set up a darknet-tools list for people to talk about this and nobody has even talked about it since a few days after it was set up, let alone done anything.
>>>>>>>
>>>>>>> <_ph00> so the basic problem is "how to safely exchange refs", and the solution "eliminate ref exchanging by implementing opennet"?!? Am I the only one to think that's very stupid?
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Devl mailing list
>>>>>>> Devl at freenetproject.org
>>>>>>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
>>
>> --
>> Founder and CEO, Thoof Inc
>> Email: ian at thoof.com
>> Office: +1 512 485 1970
>> Cell: +1 310 593 3724
>> AIM: ian.clarke at mac.com
>> Skype: sanity
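
The one-time password exchange discussed in this thread, sketched as an added example that is not part of the original emails or of Freenet's code. The `ip:port:password` string is the form Ian Clarke quotes; `InviteTable`, `parse_invite`, `join_proof`, the HMAC proof, the expiry and the per-source failure limit are hypothetical design choices made for illustration.

```python
import hashlib
import hmac
import time


def parse_invite(text):
    """Split the 'ip:port:password' form quoted in the thread (IPv4 assumed)."""
    ip, port, password = text.strip().split(":", 2)
    return (ip, int(port)), password


def join_proof(password, nonce):
    """Joiner proves knowledge of the password without sending it (assumed design)."""
    return hmac.new(password.encode(), b"join" + nonce, hashlib.sha256).digest()


class InviteTable:
    """One-time passwords held by the established node (hypothetical)."""

    def __init__(self, external_addr, ttl=3600, max_failures=5):
        self.external_addr = external_addr  # known, already-open NAT pinhole
        self.ttl = ttl
        self.max_failures = max_failures
        self.invites = {}   # password -> expiry time
        self.failures = {}  # source IP -> failed attempts

    def issue(self, password, now=None):
        now = time.time() if now is None else now
        self.invites[password] = now + self.ttl
        return "%s:%d:%s" % (*self.external_addr, password)

    def redeem(self, nonce, proof, src_addr, now=None):
        """Return the joiner's external (ip, port) on success, else None."""
        now = time.time() if now is None else now
        if self.failures.get(src_addr[0], 0) >= self.max_failures:
            return None  # throttle guessing of short passwords
        for password, expiry in list(self.invites.items()):
            if expiry < now:
                del self.invites[password]  # expired, never redeemable
            elif hmac.compare_digest(join_proof(password, nonce), proof):
                del self.invites[password]  # one-time: burn on first use
                return src_addr  # UDP source as observed = joiner's pinhole
        self.failures[src_addr[0]] = self.failures.get(src_addr[0], 0) + 1
        return None
```

A short password behind an HMAC proof can still be guessed offline by anyone who records the join datagram; a password-authenticated key exchange would close that gap.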