On Sat, Aug 19, 2006 at 12:38:55PM +0300, Jusa Saari wrote:
> On Fri, 18 Aug 2006 22:46:49 +0100, Matthew Toseland wrote:
> 
> > We could:
> > - Make ClientPut of a file insert a one-file manifest by default
> >   including the given filename (rather than just the file), if it's told
> >   to insert a CHK@
> > - Enforce the number of metastrings. I.e. if a file is inserted as
> >   CHK at blah,blah,blah/ it can no longer be accessed as
> >   CHK at blah,blah,blah/something-i-just-made-up.jpeg
> > 
> > Advantages:
> > - Keys cannot be modified; there is a definitive CHK, and if you change
> >   it it doesn't work
> > - Therefore CHK at .../chicken-porn.jpeg cannot be renamed maliciously to
> >   CHK at .../free-music.mp3
> 
> Won't work. Nothing stops me from downloading chicken-porn.jpeg, changing
> one pixel in the upper right corner (so the CHK will differ), and
> inserting it as free-music.mp3.

I said it would be inserted as a one-file manifest: the filename is
effectively in the metadata. If you change the filename you change the
manifest and therefore change the CHK.
> 
> Besides, attempting to play the jpeg file in an mp3 player will simply
> result in error, not with the chicken porn image being displayed in the
> screen.

Unless you open it in a web browser.
> 
> Finally, in an anonymous network it is simply impossible to know for
> certain if the filename has anything to do with the actual contents. In
> fact it's impossible in the non-anonymous Gnutella, too. What's the point
> of trying to stop something that you can't possibly stop ?

It makes caching easier, makes some mischief harder, and eliminates
redundancy in URIs (which is probably a good thing in itself: covert
channels).
> 
> > - Makes caching schemes easier; two keys are equal only if they are
> >   equal, rather than having to progressively delete meta-strings from the
> >   end
> 
> You don't need to progressively delete any strings from the end; simply
> start from the beginning and search for "/". Or, if the keys are fixed
> length, simply grap the first n bytes.

You don't know how many bytes to grep for until you actually fetch the
key! Let me explain the format a little:

A plain SSK:
SSK at blah,blah,blah/human-readable-filename

A plain CHK:
CHK at blah,blah,blah

A plain KSK:
KSK at human-readable-filename

Now, we can add any number of meta-strings. A meta-string is a slash
followed by a human readable filename. These are manifest (or container)
lookups. So:

CHK at blah,blah,blah/index.html

Could mean "fetch CHK at blah,blah,blah and then look up index.html in the
manifest provided"

But at the moment it could alternatively mean "fetch CHK at blah,blah,blah"

This makes it impossible to compare the keys efficiently.
> 
> > - Fairly easy to implement
> > 
> > Disadvantages:
> > - Phase 2 is disruptive
> > 
> > Any objections?
> 
> Yes. What happens if Chinese officials decide to pre-emptively censor some
> leaked document by inserting it with the name "Child_porn.jpg" ? Any
> chinese dissidents will then have to try to convince people to access it
> with that name, since they can't access it by it's proper name, "Torture
> of political prisoners in Chinese jails.pdf". And any attempt to modify
> the file to change the CHK will also lead to accusations of it being
> forgery - rightfull accusations, too, since the file *has* been modified.
> 
> This proposal does nothing usefull but causes a potential attack vector.

These objections are based on a misunderstanding. There is zero chance
of a filename being directly associated, in the store, with a CHK. That
would indeed open attack vectors.
-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: 
<https://emu.freenetproject.org/pipermail/tech/attachments/20060819/fe4d187c/attachment.pgp>

Reply via email to