It has been pointed out that attacking opennet is almost trivially easy. Comprehensive surveillance of all nodes is feasible on a relatively low budget; you can do the math, but even for a big network it's a scarily low number to maintain connections to (almost) every node. Even if we find solutions to the cheaper attacks, such as denial of service / flooding attacks and mobile attacker source tracing (which IMHO we can, although maybe not for big files on opennet).
IMHO this is a fundamental weakness of opennet, and is not solvable. However, encrypted tunnels might provide a partial solution, at a significant performance cost. Hence: - We need to solve the security issues with darknet i.e. the Pitch Black attack. Oskar has a fair idea how to deal with this but has yet to actually come up with a tested algorithm. - We need to consider ways to limit vulnerabilites on opennet - better announcement protocols, possibly encrypted tunnels, etc. - We need to make darknet actually work - currently load management makes pure darknet rather disappointing. - We need to seriously consider how and whether to migrate to darknet in the long run. The current strategy is simply to improve Freenet and get a lot of people using it on opennet, and hope that when it is big enough people will switch to darknet for more security. But maybe this isn't the right strategy, especially if it's a fair assumption that as soon as it gets to be a problem, various baddies will be comprehensively watching opennet. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20100831/9d0e3db5/attachment.pgp>
