On Wed, May 03, 2006 at 03:09:43PM +0200, Florent Daigni?re (NextGen$) wrote: > Greetings, > > I wish to apply for a position in the Summer of Code initiative, working > for the free network project. Here is a copy of what I've sent to google. > > Project Proposal > ================ > I am interested in implementing jFKI [1] or jFKR as the session negociation > protocol in between nodes (on the link level crypto code). The topic has > already been discussed twice on our mailing list [2]. > > This project is self-contained, complying with > http://wiki.freenetproject.org/SummerOfCode requirements. > > Project Justification > ===================== > The current algorithm we are using is vulnerable to at least two kind of > attacks : > 1) Man In The Middle attacks > 2) Denial Of Services attacks > > See http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity for > reference. > > To sum up, we are only doing a DiffieHellman exchange at the moment. Our > main developer (Matthew) said he will implement a Station To Station signed > DH to prevent 1 soon. Imho it's not enough, we must prevent both kind of > attacks.
Note that the latter are only possible if you know the node's reference already, due to an extra layer of encryption we use (which we will keep even if we implement JFKi). > > There is already a bug for it in the bugtracker [3]. It's a reasonable project which will save me a load of work later on. I probably wouldn't give it the maximum possible votes, but I don't see why we can't support 2 or 3 volunteer SoC projects over the summer if Google obliges (which they may well). > > Brief Biography > =============== > > I am a 20 years old french, currently studying software engineering at > the UTBM, a french engineering school. I have been studying Networks and > Telecommunications at l'universit? de Belfort Montb?liard for 2 years > prior joining the UTBM on the third year. > > When enterring high school, I started using linux and have been more or > less active in the Open Source movement since... Regarding freenet, as > some of you know, I have been contributing to it since the rewrite is on > the road (helping algorithm simulations, writing some doc/code, fixing > some bugs, translating, administrating the project's server, trolling with > newsbyte, ...) Nextgens is reliable and capable, though he usually works with the non-java parts of Fred and has relatively little experience with the java parts. > > So obviously, when Google announced that it was giving me the chance to > free up a summer, where I'd usually be working a non-programmer job to > earn money, get paid and work with a project I've been contributing to > and following for years, I jumped on the occasion. > > My favourite areas in computing are security, networks and OS's (Unix). > > Beeing a regular contributor, I'm familiar with the project's > procedures and codebase. I promise to provide regular feedbacks on the > status of my task if my proposal is chosen. > > I can begin actual implementation work as soon as my exams are over, on > or around 1th July and can work for most of the summer. Until then, I > will be mostly preparing my final exams, but I will try to prepare as > best as possible in order to start working with as little delay as > possible after them, if my application is approved. > > > Florent Daigni?re. > > [1] http://www.crypto.com/papers/jfk-ccs.pdf > [2] last thread : > http://archives.freenetproject.org/message/20060415.232743.7ca9570a.en.html > [3] https://bugs.freenetproject.org/view.php?id=52 -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060503/78c5006c/attachment.pgp>
