On 11/09/17 22:48, Arne Babenhauserheide wrote:
>
> Matthew John Toseland <matt...@toselandcs.co.uk> writes:
>> Applied to spam, for example, we could justify banning somebody by
>> showing some of his messages.
>>
>> Does it still allow for spam amplification? Probably, if we immediately
>> propagate inserts to everywhere. But maybe we can resolve the fight
>> within a few small random parts of the network. And the fact that you
>> can only vote once per darknet connection on any given key severely
>> limits the mischief you can do... so maybe it's manageable even with
>> full propagation.
>
> How would we avoid having to interact with all inserts?

Simple answer: we don't. We propagate every insert to everyone
listening, for a sufficiently popular key. This is viable on a darknet,
because we assume the attacker has a limited number of edges.

Possibly better, more complex answer: Each insert is routed along a
fixed pseudo-random route. If there is a conflict, we make the newly
inserted data available within a limited range of where it ends up. If
the users/clients like the data, they reinsert it, and it propagates
further. Once there are enough inserts the winning data goes everywhere.

>
>>> Because it's our only source of scarcity. The whole objective of this
>>> part of the proposal is to create spam-proof, adequately-scalable
>>> distributed keyword search. Or distributed data structures of whatever
>>> other kind, where we can maintain the structure in a collaborative
>>> manner, obtaining a consensus, without having to poll every outbox and
>>> every fork.
>
> I agree that our darknet structure is our only real source of scarcity
> (but only in the immediate region: One malicious darknet peer can
> introduce an arbitrary number of additional distant peers).
>
> But I’m wary of mixing the darknet structure too much with content. For
> scalable keyword search we could already use the WoT and merge
> information from identities — with efficient transfer, because the data
> will be widely cached.

I'm skeptical that this can work well:
1) It may or may not be possible to make it scale adequately.
2) It's hard to maintain efficient distributed data structures such as
search indexes.

>
> What I’d be more interested in is to see whether we can use darknet
> connections with something like blinded tokens to allow introducing WoT
> IDs without CAPTCHAs while keeping the WoT IDs separate from the darknet
> structure. I’d like to be able to offer a friend who installs Freenet
> something which allows him or her to introduce a few WoT IDs.

Exactly. Even if WoT works, it depends on some external source of scarcity.
So we need some way to use darknet scarcity for introductions (to
prevent DoS/spam), without giving away too much information. But as far
as I remember there hasn't been an implementable scarce keys proposal,
just a lot of hand waving. If you have one then by all means make it.
The above is a slightly different approach, which may have some
advantages for particular applications. But we need *something* in this
approximate area.

>
> Best wishes,
> Arne