On Wed, May 31, 2006 at 08:32:01PM +0100, Michael Rogers wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Toseland wrote:
> > What we need now is a good invite mechanism
> > - something that doesn't require the plugin to be on both ends.
>
> There seem to be (at least) two separate problems here:
>
> 1. Inviting your friend to use freenet without revealing to a third
> party that you're running freenet
>
> 2. Once your friend has installed freenet, letting them know your
> current IP address and port
>
> The first problem is hard - a good internet filter would detect freenet
> refs in unencrypted traffic ("physical.udp=" is the new equivalent of
> the 0.5 session bytes). The only encryption-capable software most people
> have is a web browser, but a good filter would also prevent you from
> rendezvousing at a well-known secure site.
>
> One possibility would be for the node to include a tiny HTTPS web server
> that only serves up copies of the node, each with a (probably
> short-lived, but up-to-date) reference back to the node it was
> downloaded from. HTTP AUTH can be used to prevent harvesting. To invite
> a friend, you copy and paste a URL from fproxy into an email or irc
> channel. URLs are harder to spot than freenet refs, and they don't get
> you kicked off irc servers for flooding.
Might work. Then you run into problem 3: Forwarding the port safely.
Nextgens is strongly opposed to UP&P and STUN for security reasons. I
think they will be necessary, although the former is attackable locally
and the latter might be profiled in order to harvest addresses...
>
> The second problem is easier - it should be possible to paste the same
> URL into fproxy if you receive an invite and you're already running
> freenet (or, alternatively, the installer should detect that freenet's
> already running and add a reference instead of installing a second node).
>
> This isn't a bulletproof solution, but I'm not sure a bulletproof
> solution is possible unless people exchange keys face to face (which of
> course everyone should, but who honestly does?).
>
> Cheers,
> Michael
--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL:
<https://emu.freenetproject.org/pipermail/tech/attachments/20060531/2b0bd981/attachment.pgp>
