On Friday 05 November 2010 16:01:02 Matthew Toseland wrote: > On Thursday 04 November 2010 21:12:33 Robert Hailey wrote: > > There might be some onion routing magic > > that could save this, but I doubt it; > > Full onion routing is not likely to be feasible on Freenet. We could build > something like I2P with a DHT so you can select random nodes, but it wouldn't > work on darknet, so it's doubtful whether it's worth the effort; and it would > of course introduce lots of new vulnerabilities based on peer selection, and > we'd have to open connections just for tunnels; it would be very messy and > probably not as effective as we might hope. Random rendezvous tunnels are > however a reasonable approximation, giving an anonymity set close to the > entire network for reasonable cost, and working even on darknet. > Unfortunately, it will cost us quite a few hops - likely more than Tor's 3 > for a vaguely comparable level of security, probably in the region of 5 - > although it could be tunable. My inclination is to enable tunnels on NORMAL > and MAXIMUM i.e. if you don't care about security (LOW), turn them off, but > also if you are on darknet but aren't excessively paranoid (HIGH). We could > also use them only for insert of keys we expect to be linkable, although that > doesn't protect on opennet against an attacker connecting to every node, and > doesn't protect requests at all.
To clarify: A good onion layer is a lot harder than it sounds, and if you had one you wouldn't build Freenet on top of it. Mating the two with essentially no synergy between them - separate connections for example - IMHO doesn't gain you as much security as you'd like. Random rendezvous tunnels are a reasonable approximation that doesn't have so many scaling and peer selection issues and doesn't require new connections which are only used for tunnels, so is more appropriate. For a good anonymity set the path length would need to approach that for routing to a specific location, but fortunately this is relatively short on Freenet - 5 hops would likely be enough. However I estimate that this cut performance by a factor of 2 and probably more. Depending on paranoia levels, especially on darknet, we might be able to get away with local requests for stuff that we know is on our direct peers (e.g. due to bloom filter sharing, ULPRs) - this is unacceptable if the bad guys connect to every node or if our peers are treacherous but it's perfectly fine against mobile attacker source tracing or any other attack where the bad guy starts a long way away. > > > if you use opennet, you might > > just have to rely on the fact that there are very few path-folding > > requests (compared to requests at-large) [security through obscurity/ > > rareness]. > > There is an opportunity for path folding after each successful CHK request. > We deliberately throttle them by various alchemy in OpennetManager - we don't > want to accept requests too often etc. So the argument that path folding is > rare is dubious. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101105/43611539/attachment.pgp>
