On Wed, Nov 13, 2002 at 05:22:29PM -0600, Edgar Friendly wrote:
> Matthew Toseland <toad at amphibian.dyndns.org> writes:
>
> > On Tue, Nov 12, 2002 at 09:15:41PM -0600, Edgar Friendly wrote:
> > Um, the Distribution Servlet is absolutely necessary. The current model
> > of everyone downloads from freenetproject.org and uses hawk's seeds is
> > totally unsustainable, not just because it is centralized but also
> > because it distorts the network.
>
> I agree that distribution of node references is bad to do in a
> centralized manner; I wasn't arguing against that. I'm just thinking
> that the people who can't d/l fred off fp.org will just get it a
> different way themselves.
No, they will get it from fp.org, because there is no way we can NOT
distribute it from fp.org. We want them to get it from another source
EVEN THOUGH fp.org has seednodes. This may well be an impossible, vain
task, but if we want users we need people to be able to get it from
fp.org as a last resort.
>
> As for people who already have fred; just have the developers(tm)
> author a freesite with the latest builds, and include the URI for that
> site on the fproxy homepage.
For getting the latest build? Please explain to me how we are supposed
to keep a single SSK private key secure for all eternity?
>
> > > There's no way to enforce that it's the jar you're using, so we might
> > > as well send the latest jar.
> > Actually, it is technically possible to generate the JAR at run time,
> > oskar coded this into dist servlet. We use the JAR if available though.
>
> I mean only that there's no way for me to prove that the file I'm
> sending you is the version of fred I'm running.
>
> > Hmmm. Without some sort of verification, we rely on the security of the
> > insertion SSK, and if that is broken, all is lost.
>
> adding veto subspaces makes the process slower for everyone (and much
> more complicated) and makes the barrier for compromise only slightly
> higher.
It makes it substantially higher.
If the insertion SSK is compromised, and the veto keys aren't, then after
somebody notices the problem we can contain it by inserting vetoes.
>
> > You might have a point. Though there is the possibility of unattended
> > nodes, so we might have several possible verification modes.
>
> Just have the unattended node notice an update (as it does now), and
> fire off an email or whatnot telling someone to upgrade it.
>
> I still think the Right Way to do this is by having an official
> download freesite.
No, because securing a single key for all eternity with no possibility
of third party revocation is impossible.
>
> Thelema
> --
> E-mail: thelema314 at swbell.net Raabu and Piisu
> GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB
>
-- 
Matthew Toseland
toad at amphibian.dyndns.org
amphibian at users.sourceforge.net
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03
http://freenetproject.org/
