On Wed, Aug 12, 2009 at 9:58 AM, Frye, David W<david.f...@duke-energy.com> wrote:
> I am writing a book about computer security and want to include a very basic
> diagram of how Freenet and Darknet work. Would it be possible to have
> someone look over the picture below and verify I have an accurate (basic)
> understanding of the architecture? The only question I have is, do the other
> clients provide a role in providing pieces of the data to Client A or do
> Client A and E communicate directly with each other to transfer the data?
> Thank you!

I think you're heading in the right direction, but not completely accurate. Freenet is both simpler and more complex than your diagram suggests.

First, terminology: Freenet is peer to peer; the Freenet software runs nodes or peers. Normally, a person using Freenet runs a single node (copy of the Freenet software). They might also run one or more clients (software that provides some functionality, like file sharing or messaging); each client would talk to the node run by the user. The user's node handles converting the client's requests into network level messages.

Freenet doesn't have a high-level structure of distinct networks like your diagram suggests. Each node is connected to some other nodes; they aren't grouped into separate networks*. This is true whether those nodes are opennet or darknet nodes.

When a node wants a piece of data, it picks the node it's connected to that's most likely to have it (or know where to find it) and asks that node. This request gets passed along until either the data is found or the request times out with the data not found. Once the data is found, it gets returned to the original requester along the same route; the node that had the data and the node that requested it never talk directly, and don't know who each other are. All any node along the route knows is the previous and next nodes in the route (this is where a large portion of the security of Freenet comes from).

The difference between darknet and opennet isn't in how the connections are used, but in how they're made. Opennet connections are made automatically by the nodes. The result is something that doesn't require user intervention to set up, but is less secure: if you enable opennet on your node, then your node broadcasts to the rest of the network the fact that it's running Freenet and how to connect to it, which lets an attacker determine a list of all opennet nodes (with a modest amount of work).

Darknet is different: connections are manually established by the user between their node and the node of someone they trust (for definitions of trust that depend highly on individual circumstances). If your node has only darknet connections (you can run a mix of darknet and opennet connections if you like, but you'll only get a partial benefit from it), then it is dark, in the sense of being hard to see. There is no easy way for an attacker to determine that you're running Freenet, to recognize the Freenet connection, etc.

Despite the difference in how the connections are established, they're used in the same way at a network level. Requests initiated on a purely darknet node might get routed onto an opennet connection and then onto a different darknet connection. Since you only make darknet connections to people you know, there's a common misconception that you can only get data from your friends; in general, this is not the case. Darknet connections are like real world social connections: you don't know all your friends' friends. Many of your darknet peers are probably connected to each other (your friends know each other), but they also connect to other people you don't know. Your friends connect to people you don't know, who connect to people who don't know your friends, and much like the Kevin Bacon game you're indirectly connected to someone who's also connected to the main opennet network, and from there to the rest of the world. Freenet can then make use of those connections to route requests and data, even though no individual node knows much about the connectivity of the network as a whole.

Hopefully that's helpful. Feel free to ask more questions; I or someone else can hopefully answer them. You might find the wiki useful; I've been trying to improve it a bit of late, but it's still somewhat sparse and frequently out of date. Consider looking at e.g. http://wiki.freenetproject.org/DarkNet and things linked from there.

If you're interested in helping, the wiki lacks things like nice diagrams -- if you're willing to contribute such, it would be appreciated.

* It's possible to have networks that are completely disconnected, but if there exists a route from one node to another, they're on the same network. By the time you have more than a few people on a small disconnected network, someone will probably manage to make a connection to someone who can connect to someone who... and all of a sudden it's not a disconnected network any longer.

Evan Daniel
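
The hop-by-hop routing described in the reply above, as an added sketch that is not part of the original message and is not Freenet's code. The node names, numeric locations, the "closest location to the key" rule (standing in for "most likely to have it") and the hop limit (standing in for the timeout) are all assumptions made for the illustration.

```python
def dist(a, b):
    """Circular distance between two positions in [0, 1) (assumed metric)."""
    d = abs(a - b)
    return min(d, 1 - d)

class Node:
    def __init__(self, name, loc):
        self.name, self.loc = name, loc
        self.peers = {}  # neighbour Node -> "darknet" or "opennet" (how the link was made)
        self.store = {}  # key -> data held locally
        self.view = {}   # request id -> (previous hop, next hop): all this node learns

    def request(self, rid, key, prev=None, htl=5):
        prev_name = prev.name if prev else None
        if key in self.store:                     # data found here
            self.view[rid] = (prev_name, None)
            return self.store[key], []
        candidates = [p for p in self.peers if p is not prev]
        if htl == 0 or not candidates:            # give up: "timed out"
            self.view[rid] = (prev_name, None)
            return None, []
        # Ask the one neighbour judged most likely to have the data.
        nxt = min(candidates, key=lambda p: dist(p.loc, key))
        self.view[rid] = (prev_name, nxt.name)
        # The answer comes back through this call chain, i.e. along the same route.
        data, kinds = nxt.request(rid, key, self, htl - 1)
        return data, [self.peers[nxt]] + kinds

def link(a, b, kind):
    a.peers[b] = kind
    b.peers[a] = kind

def demo():
    """Constructed six-node network: A is darknet-only, E holds the data."""
    locs = {"A": 0.10, "B": 0.30, "C": 0.45, "D": 0.60, "E": 0.72, "F": 0.20}
    n = {name: Node(name, loc) for name, loc in locs.items()}
    link(n["A"], n["B"], "darknet")
    link(n["A"], n["F"], "darknet")
    link(n["B"], n["F"], "darknet")   # A's friends also know each other
    link(n["B"], n["C"], "darknet")
    link(n["C"], n["D"], "opennet")
    link(n["D"], n["E"], "opennet")
    key = 0.70
    n["E"].store[key] = b"document"
    data, kinds = n["A"].request("req-1", key)
    return n, data, kinds

if __name__ == "__main__":
    nodes, data, kinds = demo()
    print(data, kinds)
    for name, node in nodes.items():
        print(name, node.view.get("req-1"))
```

Each node's `view` holds only its own previous and next hop, so E never sees A's name, and the request from the darknet-only node A crosses both darknet and opennet links on its way.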