-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Toseland wrote:
> What we need now is a good invite mechanism
> - something that doesn't require the plugin to be on both ends.
There seem to be (at least) two separate problems here:
1. Inviting your friend to use freenet without revealing to a third
party that you're running freenet
2. Once your friend has installed freenet, letting them know your
current IP address and port
The first problem is hard - a good internet filter would detect freenet
refs in unencrypted traffic ("physical.udp=" is the new equivalent of
the 0.5 session bytes). The only encryption-capable software most people
have is a web browser, but a good filter would also prevent you from
rendezvousing at a well-known secure site.
One possibility would be for the node to include a tiny HTTPS web server
that only serves up copies of the node, each with a (probably
short-lived, but up-to-date) reference back to the node it was
downloaded from. HTTP AUTH can be used to prevent harvesting. To invite
a friend, you copy and paste a URL from fproxy into an email or irc
channel. URLs are harder to spot than freenet refs, and they don't get
you kicked off irc servers for flooding.
The second problem is easier - it should be possible to paste the same
URL into fproxy if you receive an invite and you're already running
freenet (or, alternatively, the installer should detect that freenet's
already running and add a reference instead of installing a second node).
This isn't a bulletproof solution, but I'm not sure a bulletproof
solution is possible unless people exchange keys face to face (which of
course everyone should, but who honestly does?).
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEfe8wyua14OQlJ3sRAvkJAKCICAGHHuA4mdzcsTqBmwZfP/G+SgCgq1gD
MkWm6MYUkZ+1Ire4QkmZdJo=
=wX+X
-----END PGP SIGNATURE-----
