-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Toseland wrote: > Well, can we send probe tokens out or something instead of allocating > tokens on node connection? Can we do some sort of slow start for new > nodes, so that they only get a few tokens until they have answered some > requests?
Good idea - even if we don't use tit-for-tat we can decrease our initial risk by handing out tokens slowly when we first connect. This also gives honest nodes an incentive to stay connected so they don't have to go through slow start again. > We need to be able to verify inserts, this is a legitimate problem, but > it's not likely to be solved before 0.8. Can it be solved at all, without knowing the public keys of all nodes (which would essentially turn Freenet into I2P)? How can you ever be sure that your insert really reached the node responsible for location 0.123456789? > Indeed; this is easy even on requests, although just DNFing everything > is fairly easy to detect. Right, the attacker would have to return a fake RequestSucceeded and InsertTransfersCompleted after realistic delays. > The darknet is Sybil-resistant. However most people hear about freenet > from slashdot (IMHO this is bad; we shouldn't be reliant on perpetual > slashdottings, but that is unfortunately the current situation), so we > need opennet. That doesn't follow - Slashdotters have friends too (OK, don't quote me on that). Telephones caught on even though you needed to know someone who had one before they became useful. Same with email and IM. If Freenet supported instant messaging and shared folders I'd have a good reason to invite my friends and family to start using it - they may not be interested in anonymity but they're interested in privacy, and their privacy can provide anonymity for others. > And we can't limit creation of new identities. It's not acceptable for > the user to wait for an hour while the node generates hashcash, nor > would it be particularly useful, since dedicated hardware can slice > through hashcash very quickly. Agreed, hash cash is useless because attackers will always be willing to spend more CPU cycles than ordinary users. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEs6nyyua14OQlJ3sRAo9aAJ9rNt1eN+sc1FxjdqjVJwg0gQIxeACfbO7m 8U9UZ5o3lRJcV3w37LSqQdQ= =Jee5 -----END PGP SIGNATURE-----
