> BUT, the MSK at SSK@... is *not* spoofable. KSK at blah is spoofable. FreeWeb does not > allow MSK at SSK@... - it looks up the KSK every time to avoid nasty long (secure) > URLs. Freenet is secure if you use MSK at SSK@
Again... <groan>... FreeWeb publishes and maintains totally secure sites in the standard freenet:MSK at SSK@alphabetsoup/subkey// format! Referencing them via insecure hyperlinks is only an option. omigod :( David ----- Original Message ----- From: "toad" <[email protected]> To: <devl at freenetproject.org> Sent: Wednesday, May 30, 2001 12:19 Subject: Re: [freenet-devl] Freeweb comments > On Tue, May 29, 2001 at 08:04:38PM -0400, eigenman wrote: > > > > Well duh. > > > > freeweb is to freenet as WWW is to HTTP! > > > > Its a naming process. > > > > > > > > > > WWW is to HTTP? Huh? > > > > An abstract naming simplification. Which stops at a point where most > > average people understand how to use it. > > I could use HTTP directly but why? > > > > > > > > > > > > > People who want security will use MSK/SSK. People > > > > > who don't need it will use Windows and FreeWeb or > > > > > more likely a web server. If someone really needs > > > > > encryption they will take the extra time to do it > > > > > right. > > > > > > > > So how does the naming compromise security again? > > > > > > > > > > This is a perfect example of why .free is bad. A > > > little knowledge is a dangerous thing. FreeWeb relies > > > on KSKs which are insecure! > > > > But Ian just told me that KSK@ is the simplest choice for easy naming on the > > freenet protocol. > > He sugested this as an equivaliant to .free naming. > > If this is insecure then freenet is already insecure. > > > > >
