On 07/01/14 17:00, Ian Clarke wrote:
> It's not really clear what you are proposing here, what is the context?

We should allow, optionally, tunneling the first hop over Tor or I2P. Hence:

- We implement a simple binary protocol over TCP.
- Nodes can optionally expose this for "transient" clients.
- We provide some way to find nodes exposing this service within Tor to connect to, possibly via a flag in the Tor router directory or some other mechanism.
- We provide an option for a real node to route all locally originated requests via tunneled nodes exposing this service.
Right now Freenet provides a distributed, mostly censorship resistant datastore (an important service that Tor doesn't provide, potentially enabling services that are more robust than Tor hidden servers), but only a limited degree of anonymity. IMHO for good security Freenet needs to tunnel the first hop (before we start routing properly) over a mixnet. The easy, plug and play, and still somewhat decentralised, solution is to go via Tor.

In the long run, I would like Freenet to construct its own tunnels, over a darknet social network via the PISCES algorithm; this would be substantially more secure than Tor is at present (as it is resistant to Sybil attacks and can even use high latency for uploads) but it is a long way off for various reasons (we'd need a darknet, but also it's a lot of work and needs other stuff too; also there are tricky invisibility/tunnel length tradeoffs).

> Ian.
>
>
> On Tue, Jan 7, 2014 at 5:36 AM, Matthew Toseland
> <t...@amphibian.dyndns.org> wrote:
>
>> The leaked files on Tor suggest it is significantly stronger than at least I had assumed.
>>
>> It might be interesting to create a simple, but cryptographically verified, TCP-based protocol for communicating with gateways through tunnels, to protect the first hop. This would be a "transient" request/response protocol handling binary blobs; clients would route the first hop (at least on opennet) through these tunnels, verify returned content, and possibly label requests to keep them on separate tunnels.
>>
>> On darknet we will eventually protect the first hop via PISCES tunnels, however IMHO this is some way off and there are (probably) very few darknet users at present.
>>
>> We could then ask Tor for a directory server flag, although they might say no if Freenet is seen as "filesharing" and therefore obnoxious.
>>
>> DoS issues might result in some servers asking for payment, although creating a business model is often a good way to fund your attackers (especially if the gateways are anonymised); this is why a classic mixnet doesn't work for bitcoin, for example (don't trust anything without provable blinding).
>>
>> tgs3 and various people on Frost have been suggesting this for some time.
>>
>> IMHO Tor is preferable to I2P (assuming the NSA stuff isn't a false trail, which it might be), but it could work with either.
>>
>> Arguably we should use a normal transport; we're some way away from having TCP-based transport plugins though... and this could be a fairly simple protocol: we can transfer a single block (key) at a time as a single message.
>>
>>
>> http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
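The "transient" single-block request/response protocol the thread sketches, as an added worked example; this is not code from the thread, from Freenet or from Tor. It assumes a simplified key scheme in which a block's key is the SHA-256 of its content (standing in for Freenet's hash-derived keys), a length-prefixed frame layout and message type bytes chosen here, and a plain localhost TCP socket standing in for the Tor connection (a deployment would open the socket through Tor's SOCKS port, one circuit per request label). The names `serve`, `fetch_block`, `demo` and the sample blocks are constructed for the example. The point it shows is the one the message makes: because the client re-hashes whatever comes back and compares it to the key, a gateway that tampers with content is detected rather than trusted.

```python
"""Transient block fetch over a tunnelled TCP hop with client-side verification.

Assumed (not from the thread): key = SHA-256(block); frames are
4-byte big-endian length + payload; payload[0] is a message type.
"""
import hashlib
import socket
import struct
import threading

KEY_LEN = 32
MAX_BLOCK = 32 * 1024            # assumed block size limit for this sketch
REQ, RESP, NOTFOUND = 1, 2, 3    # assumed message types


class VerificationError(Exception):
    """Returned data does not hash to the requested key."""


def block_key(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _frame(payload: bytes) -> bytes:
    return struct.pack(">I", len(payload)) + payload


def _read_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf


def _read_frame(sock: socket.socket) -> bytes:
    (n,) = struct.unpack(">I", _read_exact(sock, 4))
    if n > MAX_BLOCK + 64:          # bound memory before reading the body
        raise ValueError("frame too large")
    return _read_exact(sock, n)


def encode_request(label: bytes, key: bytes) -> bytes:
    # label: opaque tag the client uses to keep requests on separate tunnels
    if len(key) != KEY_LEN or len(label) > 255:
        raise ValueError("bad key or label")
    return _frame(bytes([REQ, len(label)]) + label + key)


def decode_request(payload: bytes):
    if len(payload) < 2 or payload[0] != REQ:
        raise ValueError("not a request")
    llen = payload[1]
    label, key = payload[2:2 + llen], payload[2 + llen:]
    if len(key) != KEY_LEN:
        raise ValueError("bad key length")
    return label, key


def encode_response(data):
    return _frame(bytes([NOTFOUND])) if data is None else _frame(bytes([RESP]) + data)


def serve(store: dict, tamper: bool = False):
    """Gateway on an ephemeral localhost port. Returns (port, stop_callable).
    tamper=True simulates a dishonest gateway that corrupts served blocks."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.1)
    stop = threading.Event()

    def handle(conn):
        with conn:
            try:
                _label, key = decode_request(_read_frame(conn))
                data = store.get(key)
                if tamper and data is not None:
                    data = data[:-1] + bytes([data[-1] ^ 0xFF])
                conn.sendall(encode_response(data))
            except (ValueError, ConnectionError):
                pass                # malformed request: just drop it

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            handle(conn)
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], stop.set


def fetch_block(port: int, key: bytes, label: bytes = b"default", host="127.0.0.1"):
    """One connection per request; None if the gateway has no such block."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(encode_request(label, key))
        payload = _read_frame(s)
    if payload[:1] == bytes([NOTFOUND]):
        return None
    if payload[:1] != bytes([RESP]):
        raise ValueError("unexpected message type")
    data = payload[1:]
    if block_key(data) != key:      # never trust the gateway: verify the content
        raise VerificationError("content does not match key")
    return data


def demo() -> dict:
    blocks = [b"hello freenet", b"a" * 1000]           # constructed sample blocks
    store = {block_key(b): b for b in blocks}
    out = {}
    port, stop = serve(store)
    try:
        out["honest"] = fetch_block(port, block_key(blocks[0]), label=b"tunnel-A")
        out["missing"] = fetch_block(port, block_key(b"not stored"), label=b"tunnel-B")
    finally:
        stop()
    port, stop = serve(store, tamper=True)
    try:
        fetch_block(port, block_key(blocks[1]))
        out["tampered_rejected"] = False
    except VerificationError:
        out["tampered_rejected"] = True
    finally:
        stop()
    return out


if __name__ == "__main__":
    print(demo())
```

Run it with `python3 transient_fetch.py` (any filename); `demo()` starts an honest gateway, fetches a stored block and a missing one, then starts a tampering gateway and shows the corrupted reply being rejected. The request label is carried but not interpreted by the gateway; in the thread's design it exists so the client can map labels to separate Tor circuits.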