> > Er, but if everybody did that Freenet wouldn't work. A fundamental > > part of Freenet's adaptive mechanism is the "path compression" which > > comes from nodes using the DataSource field. Removing this > > functionality from your node would probably mean that the presence of > > your node is doing more harm than good in the Freenet network. > There is always a trade-off between security and efficiency. Talking to > unknown nodes is a security risk. It is absolutely essential that you give > people the option for as much security as they want. And Freenet certainly > would work if everyone did this, but it would be significantly > slower. That's the tradeoff. I'm not advocating that everyone do this, but > that it be an option. The Freenet design works by being pulled > simultaneously in the two directions of efficiency and security.
I disagree, it is not just a question of degrees, Freenet *depends* on the path compression functionality, giving people the option of switching it off would effectively mean that they are not implementing the Freenet protocol, merely exploiting the network, gaining the advantages without contributing back. Besides, I am sceptical about the security benefits of this anyway. Do you seriously thing Joe public is going to go to the trouble of identifying other Freenet users, confirming that they are trustworthy (how?), and then getting their public key through non-electronic means? Even the most paranoid wouldn't be bothered to do that. The best defense against corrupt nodes is to firstly ensure that it is difficult for someone to deliberately get your machine to use a corrupt node (which it is, it would mean that one of your requests for data had to go through another node which they controlled, *and* that no node further down the line changed the DataSource randomly). Secondly, even if you did connect directly to a corrupt node, you could maintain deniability about who initiated the messages which were sent on to that node, which you can currently do in Freenet. Neither of these precautions require any action on the part of the user, where as your proposal would require a degree of effort on the part of the user in terms of obtaining the addresses of trusted nodes which even I would be reluctant to do (just think how difficult it would be to do this living under an oppressive reigeme (in a pub: "hey mate, you run a freenet node?..."). Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20000819/d3b627b4/attachment.pgp>
