>
> As someone pointed out on the freenet-tech list, if there is a way of
> determining whether or not a node is transient, any requests which come
> from that node must have been originated by the operator.
Thats the point. There is no way to determine if a node is transient.
> > Every node in Freenet is untrusted. The only trust issues come in when
> > you have been speaking to a node for a long time and suddenly it appears
> > that its a different person (doesnt authenticate). To do that, you have
> > to have some concept as to what you expect the fingerprint to be,
> > otherwise you just have a whole shitload of meaningless public keys.
> >
> > You must have an Address->Key link so that you can say "I expect Address
> > to have this key", at which point you can verify something.
>
> Any use of public keys implies a web of trust, no?
>
> So node Alice has been speaking to node Bob for a long time, and has
> added Bob to the list of "trusted hosts" (or whatever).
No. PK in Freenet isn't really a web-of-trust, since you can't implicitly
trust anyone.
> One day Bob shows up with the same key but a different IP address.
>
> Alice should be able to conclude that this is the same Bob, and should
> therefore be accorded the same trust rating (whatever that is).
Yes, but not vice versa. The only thing authenticated key exchange is
good for on Freenet is noticing that Bob's old IP has a different
key. Thats how you determine that bob has been subverted. (unless the key
is signed by bobs old key, which lets you know bob just upgraded his key
for some reason).
> Why should any of this be tied to the physical IP address?
Because as I said, public keys alone mean nothing. A bad guy can very
easily create his own node and public key. Freenet doesn't distinguish
bad guys running legitimate nodes from good guys. What it *can* do, if
you have this link, is notice when a bad guy has taken over a good guys
node.
Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20000817/394e154e/attachment.pgp>
