On Sunday 09 November 2003 02:36 pm, Martin Stone Davis wrote:
> Tom Kaitchuck wrote:
> >>So, can negative trust work?
> >
> > Why even bother? Think about it like this. Suppose each node is limited
> > to a certain number of connections or a certain amount of bandwidth or a
> > certain number of queries by each node they connect to. There is ZERO
> > incentive to try to modify freenet to make multiple identities to get around
> > this. WHY? Because those nodes that you are connecting to, are still
> > limited in those same resources, so to a limited extent your different
> > identities are competing with each other. It would be better from a
> > greedy client's perspective to simply connect to more nodes! It is VERY
> > EASY to connect to more nodes, and as far as the network is concerned,
> > that is legitimate. So what are we trying to thwart here? A REALLY crappy
> > denial of service attack?
>
> We're talking about (not) modifying freenet in such a way that a "REALLY
> crappy denial of service attack" would actually work.  Yes, at the
> moment, we are safe because we're not about to implement my crappy
> "appointment" scheme which *relied* on negative trust.  Negative trust
> doesn't work when identity is free.
>
> And as it turns out, identity really *is* free (see the talk about
> DHCP), so any negative-trust-dependent system will fail.

What about this is so fscking hard to understand?

Node A wants to request 1000 keys.

Option A (or "the problem"):
Node A connects to 10 nodes with 10 identities which each request 10 keys.
Result: node A has retrieved all 1000 keys at the expense of others trying to 
use those 10 nodes.

Option B (or "Normal Behavior"):
Node A connects to 100 nodes with 1 identity and requests 10 keys from each of 
them.
Result: node A gets all 1000 keys. No single node is DOSed and the network is 
fine.

Why on earth would someone go out of their way to do A when B is both easier 
and faster? It's not even an issue of being selfish. It is obvious that the 
rest of the network does not care what you are doing, so A increases the load 
on those 10 nodes, so node A gets its data SLOWER than it would have if it 
just did option B.

So there is no incentive for anyone to do this. This is not an attack. If they 
wanted to DOS one node, they could much more easily do it out of band, and if they 
wanted to attack the whole network, they aren't succeeding. So, who cares?

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl