On Tue, Jul 11, 2006 at 08:55:29AM +0100, Michael Rogers wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Toseland wrote:
> > * A node can get more than its fair share by just keeping connecting to
> > more and more nodes.
>
> > * A node can get more than its fair share by pretending to be multiple
> > nodes.
>
> I completely agree - the new load balancing ideas were designed for a
> darknet, they are not Sybil-resistant.

Well, can we send probe tokens out or something instead of allocating
tokens on node connection? Can we do some sort of slow start for new
nodes, so that they only get a few tokens until they have answered some
requests?

>
> > So, what can be done?
> > - Reasonably strict tit-for-tat. If a node is not idle, then it should
> > only accept requests from nodes which are responding to its requests.
>
> As I've said before, I doubt tit-for-tat is useful (and it could even be
> harmful) unless there's a way to verify the responses to *all* messages.
> At the moment we can verify the responses to requests but not inserts,
> which put us between a rock and a hard place:

We need to be able to verify inserts, this is a legitimate problem, but
it's not likely to be solved before 0.8.

>
> * If we use tit-for-tat based on the number of requests and inserts the
> peer handles, it can send fake replies to inserts to increase its score

Indeed; this is easy even on requests, although just DNFing everything
is fairly easy to detect.

>
> * If we use tit-for-tat based only on the number of requests the peer
> handles, it can send fake replies to inserts in order to leave more
> bandwidth for handling requests - if enough nodes behave in this way it
> will be impossible to insert data

Yes, we need to verify inserts. But this is not something I want to look
into before 0.8; it's a long term security problem.

>
> If we can't find a way out of this dilemma I don't think tit-for-tat is
> viable. That in turn means we need to look elsewhere (in my opinion, to
> the darknet) for Sybil-resistance.

The darknet is Sybil-resistant. However most people hear about freenet
from slashdot (IMHO this is bad; we shouldn't be reliant on perpetual
slashdottings, but that is unfortunately the current situation), so we
need opennet.

>
> > Of course we will need to allow a newbie node a small number of
> > requests initially. But if it is not able to serve some of our
> > requests, we should not serve its, after the first few.
>
> This is another well-known problem with tit-for-tat: you can only
> establish cooperation by cooperating early in the game. But without some
> limit on the creation of new identities, an attacker can just travel
> from node to node, exploiting the first-time cooperation of other nodes.

And we can't limit creation of new identities. It's not acceptable for
the user to wait for an hour while the node generates hashcash, nor
would it be particularly useful, since dedicated hardware can slice
through hashcash very quickly.

>
> Cheers,
> Michael

--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
