> The only shortcoming (with regards to the "media enforcer" pseudo-attack) with
> "shadow nodes" is that it the 'shield' node is still exposed, correct?
Correct, shield nodes will still be exposed - but it is assumed that the
operator of the shield node accepts this risk (perhaps the nature of
their internet connection provides them with anonymity - such as is the
case with my cable connection, or perhaps they have a sufficiently
strong contract with their upstream provider that they are not concerned
about disconnection for dubious reasons.
> The
> 'shadowed' node's address is no longer distributed, and it no longer responds
> to unsolicited contact, right?
Well, theoretically it should only need to respond to contact from
shield nodes which it has used, although it may initiate contact with
nodes other than those (this will reduce the load on the shield nodes,
but will decrease security).
> I guess the only other issue is whether people worried about being punished
> for using a node might not be better off with a transient node? That would
> not contribute to the network, but Oskar apparently thinks that a shielded
> node would not contribute to the network, either.
A shield node could be set to have a datastore size of 0, which could
make it immune to the DMCA since it will then simply be acting as an
anonymizing relay, however I would expect that normally these nodes will
have normal node functionality.
> Would a shielded node's operator manually select a shield node? How would he
> find one?
All they need is to know the address of a node willing to be a shield
(remembering that as of 0.4 all addresses will contain a public key).
A handshake could inform the node as to whether another node is willing
to act as a shield.
> Would shield nodes allow anyone to "hide behind" them, or only
> selected other nodes, or what?
Well, the simplest way would be to permit all-or-nothing, but where
"all" is the default. More sophisticated criteria could be implemented
but that might be making things over-complicated.
> Would a node 'advertise' that it was willing
> to act as a shield node?
I would say that by default nodes would act as shields, but that there
would be an option for them to refuse. A node could inform another node
of its willingness to be a shield in a handshake.
Ian.
PGP signature