On 4/26/05, vinyl1 <[EMAIL PROTECTED]> wrote:
-- Matthew wrote:
"The usual open-source code security checks?
Don't we have something?
I never bothered to investigate this, being a trusting sort, but isn't there some kind of hash total or crc or digital signature?
If I were trying to attack Freenet, the best way would probably be a social engineering one, persuading inexperienced users to download a rather unsafe freenet.jar, perhaps from a spoof site. They wouldn't even notice the kind of thing Maps Baps was looking at, and my suggestions would be way over their heads.
Well, the standard way of preventing users from downloading trojaned binaries (or sources) in the open source world is to digitally sign the packages and/or provide checksums (signed, of course). Currently, this isn't feasible for the Freenet project, because one way to compromise even signed code/binaries is to compromise the person doing the signing. All the attacker needs to do is arrest one of the core developers and force him to sign compromised code. We need a way to sign code where the signing process requires several developers to collaborate in order to sign something, and a way to mark a developer as "not trusted anymore".
This is also the reason why there isn't an official Freenet freesite.
Is there any security check to insure that only genuine nodes containing 100% pure Freenet code are able to connect to the network?
No, unless we start to use "Trusted" computing. (http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html) Assuming that we want anyone to be able to join the network, there's no way of preventing a node from forging any and all authenticity checks.
Mika Hirvonen <[EMAIL PROTECTED]>
_______________________________________________ Support mailing list [email protected] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
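The signing scheme asked for in the reply above (several developers must collaborate to sign, and a developer can be marked "not trusted anymore"), sketched as an added example that is not part of the original message or of Freenet's code. It assumes a 2-of-3 policy, hypothetical developer names and package bytes, and uses Lamport one-time signatures as a stand-in for a real signing tool so that it runs on the Python standard library alone.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def bits(digest):
    return [(byte >> i) & 1 for byte in digest for i in range(8)]

# Lamport one-time signature: a stand-in so the example runs on the standard
# library alone. Each key pair may sign exactly one digest.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, digest):
    return [sk[i][bit] for i, bit in enumerate(bits(digest))]

def verify(pk, digest, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for (i, bit), s in zip(enumerate(bits(digest)), sig))

def release_accepted(package, signatures, trusted, revoked, threshold):
    """Accept only if `threshold` distinct, non-revoked developers signed it."""
    digest = H(package)
    valid = {name for name, sig in signatures.items()
             if name in trusted and name not in revoked
             and verify(trusted[name], digest, sig)}
    return len(valid) >= threshold

def demo():
    # Constructed sample data: hypothetical developers and package bytes.
    keys = {name: keygen() for name in ("alice", "bob", "carol")}
    trusted = {name: pk for name, (sk, pk) in keys.items()}
    genuine, trojaned = b"freenet.jar (genuine)", b"freenet.jar (trojaned)"
    good = {n: sign(keys[n][0], H(genuine)) for n in ("alice", "bob")}
    coerced = {"carol": sign(keys["carol"][0], H(trojaned))}
    return {
        "two_of_three": release_accepted(genuine, good, trusted, set(), 2),
        "one_coerced_signer": release_accepted(trojaned, coerced, trusted, set(), 2),
        "sigs_on_wrong_file": release_accepted(trojaned, good, trusted, set(), 2),
        "after_revoking_bob": release_accepted(genuine, good, trusted, {"bob"}, 2),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The policy check only helps if users obtain the trusted key set and the revocation list through a channel the attacker does not control, which is the distribution problem the thread describes.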
