Can we exploit the darknet, and token passing, to provide for artificially scarce KSKs? These would not be vulnerable to flooding or squatting.
Scarce Keyword Key inserts require SKK tokens. For each peer, we have: - Output balance: We have N tokens from that peer, allowing us to send N SKK inserts to it when we want to. - Input balance: We will accept M SKK inserts from that peer immediately. - Maximum queue length: We will allow up to P SKK inserts to be queued from that peer at any given time. We also have a global bucket of tokens to be allocated to deserving peers. This is filled to say 30 on creation of the node, and one token is added every month. Tokens are allocated fairly to nodes' input balances, when there are nodes to allocate them to. When we receive an SKK insert, we use one token from the input balance (if there aren't any we reject it), and we queue it. If we can immediately allocate a token from the output balance of the node we want to route the SKK insert to, we immediately forward it. Otherwise we wait until we can. SKK inserts can remain queued for a long time because of the extreme scarcity of tokens; we provide for cancellation of a queued SKK insert, and confirmation that it is still active. SKK inserts *do not* create tokens when they complete (this is the main difference other than that of scale to the load balancing scheme). As stated above, tokens are created on the initial creation of the node, and periodically. SKK requests are exactly the same as any other request, except that SKKs do not have unlimited cache propagation. Specifically, if I fetch an SKK from the store of a node, it will tell me by setting propLevel=2. If somebody then fetches it from my cache, I will tell them propLevel=1. If somebody fetches it from their cache, then they will set propLevel=0, meaning that the SKK cannot be further propagated. The effect of all this is that while the origin servers should not be overloaded, the data cannot be propagated across the entire network without it being inserted; an attacker could propagate an SKK to nodes which send him requests for it, but these would be local unless he happens to have the right location. Obviously this would create a further incentive to attack the location swapping system, but that needs to be secured anyway (and can't be on opennet AFAICS). -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060705/5450e8c2/attachment.pgp>
