On Sat, 23 Dec 2000, Brandon wrote:
> > Flooders have very little effect: all they can do is slightly increase the
> > size of the list, so they'll get bored and probably stop. There's no
> > mechanism for censorship, either: there are no gods who can expunge
> > identities, and there is no voting. There is little processing to be done
> > by the client, too: all the client need do is download the new message
> > "chunk" of the list and filter it with the killfile.
>
> You are really proposing two separable things, hash cash and client-side
> filtering. I'm all for client-side filtering, but it only works up to a
> point. Too much flooding and it will take forever to filter out the junk.
> Hash cash on the other hand doesn't really solve anything. It just raises
> the barrier to entry. Weak attackers are eliminated but then so are weak
> participants. If you use a gigahertz pentium as the point on which to
> based your hash function, then you've eliminated attackers with a
> gigahertz pentium or below, eliminated participants with a 486 and left
> the door wide open for an attacker with a supercomputer.
The sneaky part was requiring hash cash only when an identity is
generated. Normal posting wouldn't require any hash cash, because the
worst a flooder could do is increase the size of the list by less than
1 kilobyte per insert. The hash cash is essential; without it, the
flooders could post under thousands of identities and make filtering
impossible.
Moore's law does work against us, though. The have-nots would have to beg
for identities from the haves, or run the calculations for weeks.
> If you're worried about obnoxious kids then there are other ways to get
> rid of them. If you're worried about Them then hash cash won't help you.
Like how? An obnoxious kid can render any public forum useless by flooding
it all day long. fnnews wouldn't stand a chance. My proposed mechanish is
the only way I can think of to diminish the effects of flooding from
"dooming" to "annoying." Once you hit that critical threshold, flooding is
boring and nobody does it.
Yeah, if They wanted to kill this thing, they could probably afford to
pump in megabytes of entries per day (and generate a few hundred IDs per
day) and make filtering very expensive. It would not be a trivial attack.
--
Mark Roberts
[EMAIL PROTECTED]
_______________________________________________
Freenet-chat mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-chat
