On Thu, Aug 17, 2000 at 02:24:47PM -0400, Michael Wiktowy wrote:
<>
> Why do this?
> The passing of the data only has to wait for one DH key exchange per node per stream where the DSK is exchanged.
> (as opposed to a symmetric key generation per node per stream / DH key exchange per node per stream / decryption per packet per stream / encryption per packet per stream)
> This decreases latency, decreases CPU usage and increases transfer speed while keeping the full robustness of the data stream encryption and not sacrificing traffic analysis obscurity much more than it already is.
>
> These seem to me to be strong incentives without any drawbacks.
>
> Can you see any badness here that I've missed?

There is a huge drawback, and that is that for anybody who has access to one of the nodes in the chains, all the other connections are exposed. This means that exposing somebody only requires being one of maybe 20 nodes that actually get the request, and being able to do very basic wiretapping on the network. Not good enough.

Besides, as has been said a number of times, the overhead of decrypting and then reencrypting is actually pretty small; with a good implementation, filling a 10 meg pipe will still only eat a fraction of a recent processor. The DH exchange is what really slows it down, and you still have that.

>
> Mike
>
>
> _______________________________________________
> Freenet-dev mailing list
> Freenet-dev at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev
>

--
\oskar
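
The exposure described in the reply above, modelled as an added example (not code from this thread or from Freenet). Assumptions: the DSK is treated as one stream key handed to every node on the chain, per-hop link keys are independent random keys, and a SHA-256 counter keystream is a toy stand-in for the real link cipher.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for the link cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def shared_key_links(payload: bytes, hops: int, dsk: bytes) -> list:
    """Proposal as modelled here: encrypt once under the DSK, nodes forward bytes unchanged."""
    return [keystream_xor(dsk, payload)] * hops

def per_hop_links(payload: bytes, link_keys: list) -> list:
    """Each node decrypts what it receives and re-encrypts under the next link's key."""
    return [keystream_xor(k, payload) for k in link_keys]

def readable_links(wires: list, known_keys: list, payload: bytes) -> list:
    """Links whose tapped bytes decrypt correctly with the keys one node holds.
    Comparing against the payload stands in for 'the decryption makes sense'."""
    return [i for i, w in enumerate(wires)
            if any(keystream_xor(k, w) == payload for k in known_keys)]

def demo(hops: int = 5, node: int = 2) -> dict:
    payload = b"constructed sample payload for one stream"  # constructed input
    dsk = os.urandom(32)
    link_keys = [os.urandom(32) for _ in range(hops)]
    shared = shared_key_links(payload, hops, dsk)
    rehop = per_hop_links(payload, link_keys)
    # `node` sits between link node-1 and link node, so it holds those two link keys.
    own_keys = link_keys[node - 1:node + 1]
    return {
        # 1 distinct ciphertext: identical bytes on every link, linkable by a passive tap
        "shared_distinct_ciphertexts": len(set(shared)),
        "per_hop_distinct_ciphertexts": len(set(rehop)),
        # every link is readable by any single node that was given the DSK
        "shared_readable": readable_links(shared, [dsk], payload),
        # with re-encryption a node can read only its own two links
        "per_hop_readable": readable_links(rehop, own_keys, payload),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```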
