On Fri, Jul 16, 2004 at 12:47:42PM +0000, phil wrote:
> 
> > Yes, it is. What precisely is not encrypted?:
> 
> I was under the impression that key requests themselves were not encrypted and
> might be matched by a determined eavesdropper to eg a requested known nasty
> freesite (which is encrypted)?

No. All inter-node communications are encrypted. Separately, all data is 
encrypted at the file level. For example, a typical key:
CHK@<blah blah 1>,<blah blah 2>. <blah blah 1> is the routing key, which
is the hash of the encrypted data. This is known to the node. 
<blah blah 2> is the decryption key, which is ONLY known to the
requestor. You have to have both.
> 
> > There are plenty of technical measures to prevent this; one is the
> > encryption of ALL node to node links.
> 
> ie what I was asking about.
> 
> > Hehe, since BEFORE 9/11, interception warrants in the UK are issued by
> > the police, for the police, and supervised by a small group of civil
> > servants. ;)
> > > 
> I'm not surprised, hehe. I mean, why bother with civil liberties and all that? 
> Such a nuisance. As Orson Welles (I think it was) said: "Police work is only
> easy in a police state" (or something like that).  
> 
> > That's unpleasant. Here, the defence of accidentally visiting a child
> > porn site is quite viable.
> 
> Accidental might be ok in NZ? What the NZ decision referred to was the
> difference between content only in the eg browser cache versus the accused's
> intentional act of saving to disc.  The former never used to be sufficient
> evidence on its own - there needed to be (mens rea) intentionality demonstrated
> by eg saving to disc (or I suppose sufficient downloads). But then they decided
> that intentional looking was enough on its own.  These decisions have a habit of
> migrating, might've already.  

I don't see that it's relevant to the legal issue at stake. If somebody
has hundreds of pages of KP in his browser cache, he's probably liable,
even if he didn't save any of it to disk, for obvious reasons.
> 
> Anyway I didn't intend to limit the issue to pathetic kiddy/p.  The same legal
> principles could be applied to any number of "unacceptable" materials, and let's
> not forget civil suits either where the burden of proof is usually easier. It's
> this general trend in the user's legal accountability for data requests that can
> be used to achieve many ends.
> 
> > > Put all the above together and smell the coffee.
> > 
> > There are vulnerabilities, of course. But none as obvious as not
> > encrypting inter-node traffic.
> 
> I certainly hope I was blabbing out my arse and something like Stunnel would be
> redundant because there is no way of eavesdropping on a single node over time to
> match requests to known freenet data?? If so, why do papers on freenet always
> mention local eavesdropping as "exposing"?

Some of them are out of date. Some of them are referring to running a
node, and then analysing the requests that come in. This is difficult,
as demonstrated above and for other reasons, but especially with
splitfiles, it is not impossible. Also there may be traffic analysis
vulnerabilities, with a sufficiently smart and powerful attacker.
> 
> BTW, how does Open SSL compare with freenet tunneling?

It's different, but similar. Every node has a public key which is used
in setting up a connection. You can only connect to a node if you know
the key, just as you can only decrypt data if you know the key. In both
cases you usually get a new key from old nodes or old data.
-- 
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
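
The two-part CHK described in the message above (a routing key that is the hash of the encrypted data, plus a decryption key held only by the requestor), as an added example that is not part of the original message and is not Freenet's code. SHA-256, the hex encoding, the stand-in stream cipher and the names `insert`, `node_lookup` and `fetch` are assumptions made for illustration.

```python
import hashlib
import os

def keystream_xor(data: bytes, key: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode), for illustration only.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def insert(plaintext: bytes, store: dict) -> str:
    """Client side: encrypt, file the ciphertext under its hash, return the full key."""
    decryption_key = os.urandom(32)
    ciphertext = keystream_xor(plaintext, decryption_key)
    routing_key = hashlib.sha256(ciphertext).hexdigest()
    store[routing_key] = ciphertext  # the node only ever holds this pair
    return "CHK@%s,%s" % (routing_key, decryption_key.hex())

def node_lookup(routing_key: str, store: dict) -> bytes:
    """Node side: serve by routing key and check the block still hashes to it."""
    ciphertext = store[routing_key]
    if hashlib.sha256(ciphertext).hexdigest() != routing_key:
        raise ValueError("block does not match its routing key")
    return ciphertext

def fetch(full_key: str, store: dict) -> bytes:
    """Client side: split the key, send only the routing half, decrypt locally."""
    if not full_key.startswith("CHK@"):
        raise ValueError("not a CHK")
    routing_key, decryption_hex = full_key[4:].split(",")
    ciphertext = node_lookup(routing_key, store)
    return keystream_xor(ciphertext, bytes.fromhex(decryption_hex))

def demo():
    store = {}  # constructed stand-in for a node's datastore
    document = b"constructed sample document"
    full_key = insert(document, store)
    routing_key = full_key[4:].split(",")[0]
    node_view = node_lookup(routing_key, store)  # all the node can see
    recovered = fetch(full_key, store)           # needs both halves
    return document, node_view, recovered

if __name__ == "__main__":
    document, node_view, recovered = demo()
    print("node sees :", node_view.hex())
    print("client got:", recovered)
```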
