> The main problem in the face of active attacks is to securely get the
> right keys for other nodes. If an attacker can trick you into accepting
> a bad key, then he can play "man in the middle" and decrypt/re-encrypt
> the traffic between you and the other node.

There needs to be a secure method for distributing addresses, of course. You can only trust the address as much as you trust the distribution method. Or you can assume all nodes to be potentially evil and let them gain your trust.

Myself, I would only accept node addresses from people I knew sent through PGP encrypted e-mail. There is still the possibility someone gained access to their private key _and_ guessed their secret pass phrase, but in my particular situation, this seems unlikely. Everyone else can decide for themselves when to trust nodes.

There is of course the problem of autodiscovered nodes which aren't directly entered into nodes.config, but from the DataSource field. We have to come up with a different method for those to gain trust. Currently, we can just use the shy/non-shy distinction. Shy nodes won't trust nodes from DataSource and non-shy nodes will trust them fully. We can add more distinctions later.

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
