On 31/03/14 21:13, Arne Babenhauserheide wrote: > Am Montag, 31. März 2014, 15:52:20 schrieb Matthew Toseland: >> It is? How are we supposed to know the risk tolerance / risk profile of >> every single user? > What is the danger of saying HIGH trust? We might do aggressive things like sharing bloom filters for the client cache, or broadcasting local requests, that can improve performance but may significantly compromise security. (Of course, if you're connected to an attacker, they can probably tell what you're doing anyway; this is just stuff that would make it somewhat easier, in order to boost performance) > What is the added safety I get when saying LOW trust? At the moment, I'm not sure. As I mentioned, bad guys directly connected can get a good idea what you're doing, just by routing requests (on opennet as well as darknet). > What is the danger of saying YES (FOAF)? The same issue as with adding darknet peers to people you don't want to be associated with. But also possibly you don't want your friends to see some of your other friends, e.g. by name. Possibly we might want separate groupings. I dunno, generally YES is a sane default. > Can FOAFs launch the same attacks against me as friends could, or is there > some added security? Most of them. At the moment it doesn't make a big difference. In future it's intended that we use it for various things e.g. bloom filter sharing - some fairly aggressive at HIGH. > For example FOAFs could be LOW trust automatically. Yes, they should be a lower trust level than direct friends.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl