On 4/6/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > Exposing topology is bad, I agree, but it seems to be the only way to > make swapping entirely secure... and it's also required for premix > routing. We don't necessarily have to expose *all* the topology..
But each node would have to expose all his neighbours to each of his neighbours, no? > > Have you thought much about using TPM chips to authenticate "honest" > > software instances to each other? Sure, they're made for evil DRM > > applications, but I think there could be ways to use them for the > > purposes of good :) > > LOL. Definitely not possible for freenet, and not just for political > reasons; we need it to run "anywhere" or as near to anywhere as > possible. You wouldn't need to require TPM authentication, but it would be nice to be able to be completely certain that your neighbours were running uncorrupted versions of benevolent software. > Well it's somewhat anonymous, but really it needs a premix layer on top. > There are statistical attacks possible with requests, probably with > anything else that can be easily correlated; the basic problems are: > - If you make a bundle of requests for a splitfile, your neighbour nodes > will be able to see (if they are clever and know the splitfile) that > these requests are connected, and that you're requesting too big a > part of it to be (likely) forwarding requests for other nodes. > - That the request is a long way away from the target location: the node > you got it from is forwarding a request which is very close to the > originator node, or it would have gotten further by now. > > Both of these can be used for fairly powerful attacks, assuming you are > directly connected to the target; we will in 0.8 introduce premix > routing. Isn't the point of a darknet to place the responsibility on the user to connect only to those that won't attack them? Ryan
