On Jan 30, 2008, at 9:24 AM, Michael Rogers wrote:

> On Jan 28 2008, Robert Hailey wrote:
>> Inside China (in this case) there would be a viable freenet, and
>> outside there would be a viable freenet but due to the few
>> connections between them, keys could not be effectively fetched
>> or put one to the other.
>
> Unfortunately even if we can solve this problem in the accidental
> case (by using network IDs for example), I don't see how we can
> solve it in the deliberate case: someone creates a chain of Sybil
> nodes that occupies a large region of the key space, so the attacker
> controls all traffic in and out of that region.
>
> There only need to be two connections between the Sybil chain and the
> outside world to keep the chain from collapsing into a point, so the
> attack will work even in a pure darknet as long as there are at least
> two gullible users. And the Sybil nodes don't even need to misbehave -
> they can swap normally and respond normally to requests, but the small
> bandwidth between the Sybil region and the rest of the network will
> make that region of the key space effectively useless.

I'm not sure I understand your point. Isn't that *exactly* what we would
want to happen? The two peers on the ends recognize that subnetwork
inconsistency and route less/none into it (unless, as Matthew was
saying, it fails in the current network).

To the best of my knowledge, outside of the subnet, the other
properly-connected nodes can (and will) have the same keyspace/location;
that is what makes them routing obstacles (location=0.545... in
US-freenet, or China-freenet?).

If DNFs (or more likely, lack of successes) are used as evidence of a
dungeon (which I am not presently suggesting, as it's a feedback loop),
this would also be a way of dealing with malicious DNF'ing nodes as they
are eventually isolated into their own network (seen as their own
dungeon by that node's peers).

--
Robert Hailey

> And of course if there are only two connections to the outside world,
> the attacker only really needs two nodes: the rest of the chain can
> just be simulated.
>
> Cheers,
> Michael