On Fri, 18 Aug 2006 22:46:49 +0100, Matthew Toseland wrote:

> We could:
> - Make ClientPut of a file insert a one-file manifest by default
>   including the given filename (rather than just the file), if it's told
>   to insert a CHK@
> - Enforce the number of metastrings. I.e. if a file is inserted as
>   CHK at blah,blah,blah/ it can no longer be accessed as
>   CHK at blah,blah,blah/something-i-just-made-up.jpeg
> 
> Advantages:
> - Keys cannot be modified; there is a definitive CHK, and if you change
>   it it doesn't work
> - Therefore CHK at .../chicken-porn.jpeg cannot be renamed maliciously to
>   CHK at .../free-music.mp3

Won't work. Nothing stops me from downloading chicken-porn.jpeg, changing
one pixel in the upper right corner (so the CHK will differ), and
inserting it as free-music.mp3.

Besides, attempting to play the jpeg file in an mp3 player will simply
result in error, not with the chicken porn image being displayed in the
screen.

Finally, in an anonymous network it is simply impossible to know for
certain if the filename has anything to do with the actual contents. In
fact it's impossible in the non-anonymous Gnutella, too. What's the point
of trying to stop something that you can't possibly stop ?

> - Makes caching schemes easier; two keys are equal only if they are
>   equal, rather than having to progressively delete meta-strings from the
>   end

You don't need to progressively delete any strings from the end; simply
start from the beginning and search for "/". Or, if the keys are fixed
length, simply grap the first n bytes.

> - Fairly easy to implement
> 
> Disadvantages:
> - Phase 2 is disruptive
> 
> Any objections?

Yes. What happens if Chinese officials decide to pre-emptively censor some
leaked document by inserting it with the name "Child_porn.jpg" ? Any
chinese dissidents will then have to try to convince people to access it
with that name, since they can't access it by it's proper name, "Torture
of political prisoners in Chinese jails.pdf". And any attempt to modify
the file to change the CHK will also lead to accusations of it being
forgery - rightfull accusations, too, since the file *has* been modified.

This proposal does nothing usefull but causes a potential attack vector.


Reply via email to