> > This is more or less correct, a transient node doesn't set the DataSource
> field, so one can see that a transient node has connected. Running a
> transient node is more about performance (keeping your own routing table)
> than adding any real security above just using a plain client.

Really? That's a bad thing.

> I still don't agree with Scott here. The only reason to have the Public
> Key fingerprint is so that the node can check that it is actually talking
> to the node that it got from the DataSource. I don't think allowing nodes
> to look up new addresses from the fingerprint should connecting to the
> old address fail is a security hole, you still know it's the same node -
> but it has to be considered something that the node does rarely and on
> "maintenance time" (we will never support nodes on dialup lines changing
> ip-s every hour like this).

Like I said, fingerprint->new IP is okay. But old-ip->new fingerprint indicates a subversion.

> I'm actually warming up the idea of making the address:
>
> physical address + fingerprint + number
>
> and having the node lookup:
>
> ARK(fingerprint , (number + 1))
>
> should the connect fail (ARK is Address Resolution Key).

This should be done in a background thread not related to the transaction in which the connect failed, but this isn't a bad idea. An ARK can just be an SSK too, assuming we select an authentication scheme that dovetails well.
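
The reconnect policy discussed in this message, as an added sketch that is not code from the thread or from Freenet: a reference of physical address + fingerprint + number, an ARK(fingerprint, number + 1) lookup when the connect fails, and rejection of any peer whose key does not match the stored fingerprint. Assumptions: SHA-256 as the fingerprint hash, the `ARK:` key encoding, the `connect` and `store` interfaces, and a store that only returns records already authenticated against the fingerprinted key; the lookup runs inline here rather than in a background thread.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class NodeRef:
    address: str      # physical address
    fingerprint: str  # hash of the node's public key
    number: int       # ARK revision counter

def fingerprint_of(pubkey: bytes) -> str:
    # Assumption: SHA-256 stands in for whatever hash the fingerprint uses.
    return hashlib.sha256(pubkey).hexdigest()

def ark_key(fingerprint: str, number: int) -> str:
    # Hypothetical key encoding for ARK(fingerprint, number).
    return f"ARK:{fingerprint}:{number}"

def reconnect(ref, connect, store):
    """connect(address) -> public key presented by the peer, or None on failure.
    store maps ARK keys to addresses; assumed to return only records already
    authenticated against the fingerprinted key (e.g. as an SSK would be)."""
    presented = connect(ref.address)
    if presented is not None:
        if fingerprint_of(presented) != ref.fingerprint:
            return "subverted", ref          # old IP -> new fingerprint
        return "ok", ref
    # Connect failed: look up ARK(fingerprint, number + 1).
    new_address = store.get(ark_key(ref.fingerprint, ref.number + 1))
    if new_address is None:
        return "unreachable", ref
    presented = connect(new_address)
    if presented is None:
        return "unreachable", ref
    if fingerprint_of(presented) != ref.fingerprint:
        return "subverted", ref              # new address, wrong key: reject
    # fingerprint -> new IP: same node, adopt the new address and counter.
    return "moved", NodeRef(new_address, ref.fingerprint, ref.number + 1)

# Constructed sample data (keys and addresses are made up for the example).
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"
OLD, NEW = "192.0.2.10:19114", "192.0.2.20:19114"
REF = NodeRef(OLD, fingerprint_of(KEY_A), 0)
STORE = {ark_key(REF.fingerprint, 1): NEW}

if __name__ == "__main__":
    print(reconnect(REF, {OLD: KEY_A}.get, STORE))  # same key at old address
    print(reconnect(REF, {OLD: KEY_B}.get, STORE))  # different key at old address
    print(reconnect(REF, {NEW: KEY_A}.get, STORE))  # node moved, found via ARK
```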
