* Matthew Toseland <[EMAIL PROTECTED]> [2007-07-26 20:01:34]:

> On Thursday 26 July 2007 04:14, NextGen$ wrote:
> > * Matthew Toseland <[EMAIL PROTECTED]> [2007-07-25 18:39:11]:
> > > I propose that darknet nodes be allowed to forward announcements and path
> > > folding messages (ConnectDestination etc), without including their own
> > > noderefs.
> > >
> > > Any objections?
> >
> > _o/
> > It's a bad idea.
> > Be informed that my node won't behave that way...
> 
> Why, precisely, is it a bad idea? As far as I can tell it doesn't compromise 
> the nodes which only relay and never send their own noderef?

It makes flow-analysis-related attacks both trivial and more effective.

I'm really disappointed that you implemented it before leaving me time to
respond. You did so even though I explained to you my concerns on IRC...

I told you about an attack vector (flow analysis using request size - arguably
already present but currently not easily exploitable) then we discussed
workarounds (padding noderefs, limiting the number of refs per request) and
didn't manage to find any 'good' solution.

Your implementation doesn't even feature basic workarounds we talked about
and you have enabled that 'risky' option by default :(

I don't mind about opennet being insecure but don't artificially lower the
security level provided by darknet.

NextGen$
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
