On Tuesday 04 Sep 2012 18:13:04 Evan Daniel wrote:
> On Tue, Sep 4, 2012 at 12:29 PM, Matthew Toseland
> <toad at amphibian.dyndns.org> wrote:
> > The paper, "A Traceback Attack on Freenet" ( 
> > http://www.ee.hawaii.edu/~dong/traceback/1569649421.pdf ) presents a new 
> > attack which relies on being able to 1) quickly connect to a node via 
> > announcement and 2) Query it to determine whether a given request UID has 
> > visited this node. The attack allows them (prior to 1411) to trace a 
> > request back to its originator.
> >
> > 1411 makes this dramatically more difficult by not tracking UIDs of 
> > completed requests. However, it may still be possible to do some variant of 
> > this attack, and we should improve things further.
> >
...
> >
> > Ian's solution
> > ========
> >
> > Get rid of RejectedLoop. Always accept, never route to the same peer as 
> > we've already routed that UID to, and RNF if we can't find any more nodes 
> > to route to.
> >
> > I am worried about what this could do to routing. I don't think we should 
> > implement it without some theoretical/simulation analysis? I can see that 
> > it might improve things, but we need more than that given it could be 
> > fairly significant.
> >
> > However it is the most comprehensive way to get rid of these problems, and 
> > might have the least performance impact.
> 
> I like this solution. It was my immediate reaction to the problem description.
> 
> It will make local minimums harder to escape. Basically, you prevent
> duplicating an edge along a route, rather than a node. That's a much
> less powerful approach to avoiding minimums. I suspect FOAF routing
> helps a lot here, but that seems like it might be problematic from a
> security perspective as well.
> 
> In general, making routing better (link length distribution, mainly)
> will make this less of an issue; local minimums are a problem that
> results when you have too few short links, which is the current
> problem with the network.

How concrete is this view that it will improve performance? What would it take 
to put it on a solid footing? Is there relevant published work? Can you suggest 
how to build a simulation to compare the two approaches (say with 
many-nodes-one-VM to make it easy)?

I would be delighted to implement it ... but only if I can be fairly sure it 
won't make things worse.
> 
> > DARKNET
> > ======
> >
> > Best solution is to make darknet easy!
> >
> > We also need to fix darknet. That means fixing Pitch Black.

We need to contact our friend who was working on that. If he's disappeared we 
need to use what he said last, and what oskar said, and write a **** simulation 
of our own. I'm not sure I 100% understand the attack, so that's one of the 
problems.
> 
> Among other problems. Location stability interactions with datastore,

Yes, that's a longer term problem.

> and opennet/darknet hybrid nodes, in particular.

I am open to any suggestions.
> 
> It also means we need to focus on the user experience when setting up
> darknet, which currently sucks.

I understand how to make major improvements to functionality/ease of use. 
However I need to be about 5 people at the moment. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: 
<https://emu.freenetproject.org/pipermail/devl/attachments/20120904/48163851/attachment.pgp>

Reply via email to