-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have no problem with this approach if it can be implemented in a
backwards-compatible fashion (which should be straight-forward) - in
fact, there was a time when this is what I thought Matthew had
implemented for the automatic IP address detection - clearly I was
wrong.

Ian.

On Wed, May 28, 2003 at 06:29:29PM -0400, Greg Wooledge wrote:
> Kjell Rune Skaaraas ([EMAIL PROTECTED]) wrote:
>
> > However, rather than defining it myself
> > whenever my IP changes, or running some kind of
> > dynamic DNS, applications like mIRC do a server-side
> > lookup. How difficult would it be to do the same for
> > Freenet?
>
> mjr and I have told Matthew, more than once, that this is going to
> be required eventually. Last time it was brought up, he rejected
> it because he was eager to get 0.5.1 released -- fair enough.
>
> It's a protocol change, so it's a fairly significant addition to
> the code and must be done with due caution. Only Ian (and his
> hirelings, Matthew and so forth) can make the decisions as to
> whether, and when, to make such changes.
>
> Also, the details need to be worked out. Since there is no central
> server, there's no authoritative answer. Nodes can and will lie
> to each other -- we have to assume a hostile environment until
> trust is established.
>
> One of the simpler forms of the proposal is this:
>
> 1) New node A starts up, and does not have an IP address in the
>    config file. An IP address or hostname in the config file bypasses
>    all this, of course.
>
> 2) A sends requests to B and C (chosen randomly from the routing table)
>    saying "what is my IP address?"
>
> 3) A gets responses back and compares them. If they agree, then we
>    assume the response is truthful, and we advertise that IP
>    address in subsequent announcements and data source resets.
>
> 4) If the responses do not agree, or do not arrive within a reasonable
>    period of time, we go back to step 2.
>
> 5) Until we have established the local IP address, we do not announce,
>    and we do not reset the data source.
>
> More complex variations are also possible.
>
> The following must also be noted, because it wasn't known to all the
> members of the discussion at the time:
>
> *) You CANNOT be sure of the ability to connect to your own IP
>    address to verify it. Port forwarding through a NAT is done
>    on a per-interface basis. If a packet comes into the firewall
>    from the internal interface, it may or may not be forwarded to
>    the Freenet machine correctly, depending on the firewall and
>    its configuration. Therefore, if you can connect to yourself
>    on the IP address that the nodes give you, that's great -- but
>    failure to do so does NOT invalidate the answer.
>
> --
> Greg Wooledge              | "Truth belongs to everybody."
> [EMAIL PROTECTED]          | - The Red Hot Chili Peppers
> http://wooledge.org/~greg/ |

- --
Ian Clarke                                      [EMAIL PROTECTED]
Coordinator, The Freenet Project        http://freenetproject.org/
Founder, Locutus                                 http://locut.us/
Personal Homepage                            http://locut.us/ian/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Debian :: The Universal Operating System

iD8DBQE+1U5OQtgxRWSmsqwRAtw/AJ4kXMlROPmoeD2iXafzV7jKpGc9zwCfSdYz
/FlN33RMxjMLkg0EcBR8GAo=
=NcCq
-----END PGP SIGNATURE-----
_______________________________________________
devl mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
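
The five-step proposal quoted above, sketched in Python as an added example (not code from Freenet or from anyone in this thread). The `ask` callback, the peer names and the addresses are constructed for illustration, and the `sample` parameter generalizes the two-peer comparison of step 2.

```python
import random

def detect_external_ip(configured_ip, routing_table, ask, sample=2,
                       max_rounds=10, rng=random):
    """Return the address to advertise, or None while it is unknown.

    ask(peer) is a hypothetical transport call: it returns the address
    the peer saw us connect from, or None if the reply timed out.
    """
    if configured_ip:                  # step 1: config file bypasses detection
        return configured_ip
    if len(routing_table) < sample:
        return None
    for _ in range(max_rounds):
        peers = rng.sample(routing_table, sample)   # step 2: random peers
        answers = [ask(p) for p in peers]
        if None in answers:            # step 4: a reply did not arrive in time
            continue
        if len(set(answers)) == 1:     # step 3: replies agree, accept them
            return answers[0]
        # step 4: replies disagree, go back to step 2 with new peers
    return None                        # step 5: still unknown


class Node:
    def __init__(self, configured_ip=None):
        self.configured_ip = configured_ip
        self.advertised_ip = None

    def try_announce(self, routing_table, ask, **kw):
        """Step 5: announce only once the local address is established."""
        self.advertised_ip = detect_external_ip(
            self.configured_ip, routing_table, ask, **kw)
        return self.advertised_ip is not None


# Constructed sample data: RFC 5737 documentation addresses.
TRUE_IP = "203.0.113.7"
REPLIES = {"B": TRUE_IP, "C": TRUE_IP,   # honest peers
           "D": "198.51.100.66",         # peer reporting a wrong address
           "E": None}                    # peer that never answers

def constructed_ask(peer):
    return REPLIES[peer]

if __name__ == "__main__":
    node = Node()
    print(node.try_announce(list(REPLIES), constructed_ask, max_rounds=200),
          node.advertised_ip)
```

Agreement only catches answers that differ: peers that return the same wrong address pass the check, which a larger `sample` makes harder. No step tries to connect back to the reported address, in line with the NAT caveat in the message.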
