On Friday 15 August 2008 01:16, Matthew Toseland wrote:
> On Friday 15 August 2008 01:00, Florent Daignière wrote:
> > * Ian Clarke <[EMAIL PROTECTED]> [2008-08-14 18:42:57]:
> >
> > > On Thu, Aug 14, 2008 at 5:09 PM, Matthew Toseland
> > > <[EMAIL PROTECTED]> wrote:
> > > > On Thursday 14 August 2008 20:01, Ian Clarke wrote:
> > > > What do you think of my changes?
> > > >
> > > > "We strongly recommend that you only use Freenet in darknet mode [are we using
> > > > the term "darknet" consistently? we can't force darknet here, since that
> > > > would basically prevent them from using Freenet unless they know other
> > > > freenetters]."
> > > >
> > > > I disagree: If they set most-paranoid then opennet should not be available
> > > > until they change the threat level to somewhat-paranoid.
> > >
> > > What is the point in that? If they are intent on using Freenet, then
> > > forcing them to select an inappropriate option doesn't make them any
> > > more secure! The question isn't so much whether opennet is secure,
> > > the question is whether it is more secure than the next best option -
> > > which in many cases will probably be a HTTP proxy, which are trivial
> > > to monitor.
> > >
> > > > The UI should make
> > > > it easy to upgrade or downgrade the threat level, enable opennet etc, but
> > > > should make it clear what the ramifications are.
> > >
> > > Yes, but forcing them to pretend that they have a lower threat level
> > > than they do is pointless. The purpose of this mechanism must be to
> > > inform the user, not make some futile attempt to restrict their
> > > behavior.
> > >
> >
> > The user has to be aware that it's always a matter of trade-offs...
> >
> > We shouldn't speak about a "threat levels" but a "threat level per threat model".
> >
> > IMHO they are three major threat models:
> > - Treachery (how much I can trust my peers to be good guys)
> >   * tunnels, ... FOAF and shared bloom-filters for fast remote lookup
>
> Tunnels are relevant to network as well.

One important point here: IMHO most if not all of the treachery / local attackers axis can and should be a per-peer trust level. Is a global threat level necessary at all for treachery if we have a per-peer trust level?

>
> > - Network (should hide from ISP, risk of MITM, ...)
>
> And above all, a remote attacker attempting to trace you from your inserts /
> FMS posts / etc. That is *the* threat we are primarily concerned with.
>
> >   * JFK, ... Opennet, sensitivity to Sybil
> > - Local (should provide some resilience against a seizure)
> >   * bucket encryption, double-datastore encryption, ... none of those

AFAICS all we need is a series of options for the network threat level, and then a single checkbox for whether the user cares about datastore seizure.

>
> >
> > We could use that to our advantage when advertising Freenet: make a chart
> > comparing freenet and the security it provides against its alternatives.
> > It's something the gnunet guys have been doing since ages
> > (http://gnunet.org/faq.php3?xlang=English#compare)
> >
> > NextGen$
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl