sorry for being tardy. i don't think i'm subscribed to this tech list....

<snip>

> > circuit of 3 channels). A socks proxy might use heuristics to do this,
> > since the bonding will be dynamic, i.e. circuits can be built-out w/ more
> > channels in real-time.
>
> What kind of heuristics were you thinking of?

here's the dilemma: ideally we do not want to give away the fact that joe X has a 14.4 connection while joe Y has a T3. well, this will be close to impossible in some circumstances, but i want to _smooth_ out the differentiators (or giveaways) as much as possible.

part of the differentiating comes in working out flow control. if the far end has a steady 28.8Kbs downstream to the originating node, then we don't want the originating node telling the other edge to slow down [because this land-line user here is dropping packets like mad], which would give away the fact the anon user has a crappy modem connection.

so, my idea is for the entry node (the node freenet might connect to) to allot a bucket of say, 5 megs; a sort of buffer cache. the implementation will probably keep it large (i want to mimic my favorite text editor, joe, in allowing memory buffers to spill out into a temporary file on disk... just for fun ;)

so, this cache will be measured. if it's constantly empty, then we _might_ want to open up another channel. or maybe not. ;)

> > I don't know what the latency will be like. I imagine it won't be all that
> > great with bonded channels, so there will be a throughput/latency trade-off.
> > Once my day-work slows down some, I'll be able to give it a try.
>
> Have you envisioned any way of testing/simulating an AnonNet network? I
> might be able to set up some tests on our university network, but I
> would need help in setting it all up. For starters, how could I set up a
> test AnonNet network (eg. 3 nodes), and what tests are feasible for such
> a setup? (I'm guessing here, all kind of setups might be possible, just
> not sure how it all fits together)

hmmmm. i had rudimentary routes setup before, but i had to tear a lot of that code away when i broke up the different transport layers. it's almost back to where it was. if you want to dig-in, the relevant code sections would be in caller.c. get_node() chooses a node. i used to hard-code values there, and a new caller uses that to decide which nodes to connect to. it's been a few weeks since i was in the code (day-job getting in the way ;), so i forgot the specifics.

one of the next steps is to fix get_node() to read from a db and/or xml file, and from that you could more easily specify nodes to connect to. this is also the spot where the node discovery will have to hook into.... but then it might need to be ripped out and some more flexible interface thrown in..... *sigh* :)

> > Ideally, the latency and throughput troubles would
> > be alleviated by intelligent node chaining. That is, the node
> > discovery system will include scoring of node characteristics,
> > and this info would be used in choosing how to chain nodes. But,
> > that is def a long way off.
> > And of course, intelligent node discovery certainly devalues the anonymity
> > characteristics, since it reduces the possible routes that will be created.
>
> Yes, this seems to be the infinite trade-off between anonymity and
> performance of a secure (P2P) network. I'm actively looking for pointers
> on how to optimize both, but i'm having trouble finding any. Most
> networks seem to focus on one or the other. Freenet claims to implement
> a way-in-the-middle, but it seems to have trouble performance-wise for
> the moment. Its anonymity characteristics are hard to evaluate (as for
> any other system).

i'll admit i don't have much experience in networking, and i really should study up more on how other p2p systems attack discovery and whatnot. i have been toying around w/ some ideas.

off the top of my head, i see two main problems. discovery of existence of nodes (including their trustworthiness... maybe this is a separate issue altogether); and their characteristics wrt the local node, and to the network in general.

the first problem i want to eventually attack w/ a whole other system: authnet/certnet. in the interim we can simply bootstrap w/ a few nodes, and collect additional ip & ports.

the second part might go like this: a node, in its free time will cycle through its node list collecting information. it might connect to other random nodes, and ask them to perform tests on some node, to collect network info. then it might try itself directly. also, a node might advertise its existence w/ some general information, like the max number of connections it will allow, its speed, geographic location etc. in fact, i have images in my head of geographic info (lat & long) displayed in a nice gui control application, so a user can watch a circuit being built on-top of a map of the world... but i'm getting ahead of myself....

one of the interesting security aspects of all of this is that, after an anonnet node is bootstrapped, it can reach out into the middle of the network anonymously, and then start asking questions from there. that way, a specific node cannot be attacked, since it would by-pass its local network and effectively place itself somewhere [randomly] on the global network, kinda like how neo in the matrix enters the world in random spots so the bad guys can't camp at the front door.

>
> --nico
> --
_______________________________________________
freenet-tech mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/tech
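The entry-node bucket described in the message above, as an added C sketch that is not part of the original post or of the AnonNet code: it simulates a circuit feeding a slow local link through the bucket and reports when a slow-down signal would first become visible to the far end, plus the "constantly empty" measurement. The names `simulate`, `bucket_stats` and `might_open_channel`, the byte rates and the 90% threshold are all assumptions.

```c
#include <stdio.h>
/* Added sketch: names, rates and the 90% threshold are assumptions. */
#define BUCKET_BYTES (5L * 1024 * 1024)  /* the "5 megs" bucket from the post */

struct bucket_stats {
    long first_backpressure; /* tick the bucket first filled up, -1 if never */
    long empty_ticks;        /* ticks that ended with an empty bucket */
    long ticks;              /* simulated seconds until everything drained */
};

/* in_rate: bytes/s arriving from the far end; out_rate: bytes/s the local
 * link drains; total: bytes in the transfer; cap: bucket size in bytes. */
struct bucket_stats simulate(long in_rate, long out_rate, long total, long cap)
{
    struct bucket_stats s = { -1, 0, 0 };
    long level = 0, sent = 0;

    while (sent < total || level > 0) {
        long in = total - sent < in_rate ? total - sent : in_rate;
        if (level + in > cap) {   /* only a full bucket forces a slow-down */
            in = cap - level;     /* signal that the far end could observe */
            if (s.first_backpressure < 0)
                s.first_backpressure = s.ticks;
        }
        level += in;
        sent += in;
        level -= level < out_rate ? level : out_rate;
        if (level == 0)
            s.empty_ticks++;
        s.ticks++;
    }
    return s;
}

/* "constantly empty" read as: empty on at least 90% of ticks */
int might_open_channel(const struct bucket_stats *s)
{
    return s->ticks > 0 && s->empty_ticks * 10 >= s->ticks * 9;
}

int main(void)
{
    /* constructed rates: 28.8 kbit/s circuit (3600 B/s), 14.4 kbit/s modem */
    struct bucket_stats big = simulate(3600, 1800, 1L << 20, BUCKET_BYTES);
    struct bucket_stats tiny = simulate(3600, 1800, 1L << 20, 16384);
    printf("5 MB bucket: slow-down at tick %ld\n", big.first_backpressure);
    printf("16 KB bucket: slow-down at tick %ld\n", tiny.first_backpressure);
    return 0;
}
```

With the constructed rates, a 1 MB transfer never fills the 5 MB bucket, while a 16 KB bucket would expose the slow link within seconds.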
