On Fri, 18 Aug 2006 22:46:49 +0100, Matthew Toseland wrote: > We could: > - Make ClientPut of a file insert a one-file manifest by default > including the given filename (rather than just the file), if it's told > to insert a CHK@ > - Enforce the number of metastrings. I.e. if a file is inserted as > CHK at blah,blah,blah/ it can no longer be accessed as > CHK at blah,blah,blah/something-i-just-made-up.jpeg > > Advantages: > - Keys cannot be modified; there is a definitive CHK, and if you change > it it doesn't work > - Therefore CHK at .../chicken-porn.jpeg cannot be renamed maliciously to > CHK at .../free-music.mp3
Won't work. Nothing stops me from downloading chicken-porn.jpeg, changing one pixel in the upper right corner (so the CHK will differ), and inserting it as free-music.mp3. Besides, attempting to play the jpeg file in an mp3 player will simply result in error, not with the chicken porn image being displayed in the screen. Finally, in an anonymous network it is simply impossible to know for certain if the filename has anything to do with the actual contents. In fact it's impossible in the non-anonymous Gnutella, too. What's the point of trying to stop something that you can't possibly stop ? > - Makes caching schemes easier; two keys are equal only if they are > equal, rather than having to progressively delete meta-strings from the > end You don't need to progressively delete any strings from the end; simply start from the beginning and search for "/". Or, if the keys are fixed length, simply grap the first n bytes. > - Fairly easy to implement > > Disadvantages: > - Phase 2 is disruptive > > Any objections? Yes. What happens if Chinese officials decide to pre-emptively censor some leaked document by inserting it with the name "Child_porn.jpg" ? Any chinese dissidents will then have to try to convince people to access it with that name, since they can't access it by it's proper name, "Torture of political prisoners in Chinese jails.pdf". And any attempt to modify the file to change the CHK will also lead to accusations of it being forgery - rightfull accusations, too, since the file *has* been modified. This proposal does nothing usefull but causes a potential attack vector.