On Thu, Apr 06, 2006 at 10:08:40AM -0700, Ryan Fugger wrote: > On 4/6/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > > Exposing topology is bad, I agree, but it seems to be the only way to > > make swapping entirely secure... and it's also required for premix > > routing. We don't necessarily have to expose *all* the topology.. > > But each node would have to expose all his neighbours to each of his > neighbours, no?
Well for premix we'd probably have a cell structure; 100 nodes in a cell, collaborative credibility determination, each credible node is equally likely to be chosen for a tunnel; use 2 or 3 nodes for a premix tunnel. > > You wouldn't need to require TPM authentication, but it would be nice > to be able to be completely certain that your neighbours were running > uncorrupted versions of benevolent software. Ummm... > > > Well it's somewhat anonymous, but really it needs a premix layer on top. > > There are statistical attacks possible with requests, probably with > > anything else that can be easily correlated; the basic problems are: > > - If you make a bundle of requests for a splitfile, your neighbour nodes > > will be able to see (if they are clever and know the splitfile) that > > these requests are connected, and that you're requesting too big a > > part of it to be (likely) forwarding requests for other nodes. > > - That the request is a long way away from the target location: the node > > you got it from is forwarding a request which is very close to the > > originator node, or it would have gotten further by now. > > > > Both of these can be used for fairly powerful attacks, assuming you are > > directly connected to the target; we will in 0.8 introduce premix > > routing. > > Isn't the point of a darknet to place the responsibility on the user > to connect only to those that won't attack them? Indeed, but sadly treachery is a fact of life, a universal constant, like greed. > > Ryan -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060406/f29feecd/attachment.pgp>
