* Matthew Toseland <toad at amphibian.dyndns.org> [2007-03-23 14:52:19]:
> Well, a more obvious flaw which exists and is exploitable right now, and > is something of a "newbie crypto mistake" is the fact that we are still > using ephemeral diffie-hellman (with an outer encryption layer so you > need to know both refs). We really should fix that... Nextgens has > decided not to, should I? I haven't decided not to: I was planning to do it last WE but I was too sick to do anything usefull. Btw, I still don't get why we should make it a priority *now* ; it has been like that since the beginning! Are we the day before a non-advertised release ? > It's probably only a few days' work. > > On Fri, Mar 23, 2007 at 10:48:18AM -0400, Colin Davis wrote: > > I worry that given that the Freenet Project has always been a very > > public project, and relies heavily on donations to continue to develop, > > headlines like "Freenet Authors add tracking code" aren't going to > > endear you to people. > > > > And while I certainly understand the idea, and I understand that the > > security risks aren't actually that major compared to the existing > > infrastructure and a determined hacker, I don't think it'd play well > > with the Slashdot crowd. They aren't exactly world-renowned for > > listening to nuanced arguments before making judgments ;) > > > > Just my thoughts, > > Colin > > > > > > > > Matthew Toseland wrote: > > > How far can we go in abusing the production network in order to make it > > > work? The testnet is never likely to be large enough to be a useful > > > model. What I propose is that on swap requests, which already include > > > the location of the node, and the locations of its peers, we also add a > > > unique ID (say the first 8 bytes of some hash of the identity) for the > > > node and each peer. > > > > > > This would make it easier to map the network. It is already possible to > > > map the network but it is a lot of work and a lot of uncertainty, > > > because we don't know about every swap so we have to try to do partial > > > matches. > > > > > > This may make some attacks easier. Having said that, with the current > > > swap requests, you can probably identify the topology close to you with > > > some confidence. The main benefit here is in identifying the topology > > > further away more reliably. Which isn't that interesting for attackers > > > unless they've been e.g. watching #freenet-refs and can match an IP > > > address to each node on the network. Even then, there are much easier > > > attacks, and correlation attacks on nodes 4 hops away may not have > > > enough information. > > > > > > The benefit is we could test all our pet theories about the shape of the > > > network being completely broken due to #freenet-refs . We could gather > > > real world information about node uptimes, location swapping, location > > > clustering. It would of course be spoofable, but only to the extent that > > > location swapping is already spoofable. It would double the size of the > > > swap request packets, but these are fairly small. > > > > > > What do you think? > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Devl mailing list > > > Devl at freenetproject.org > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070323/521fc59b/attachment.pgp>
