Colin Davis wrote: > It solves #2- Don't run things you get in e-mail.. > > Instead of requiring a Noderef, allow someone to connect with just a > password, and the IP address. This is something you can TELL someone, or > say in an IM, no file transfer required. > I don't think we should necessarily categorically discount a fred-based installer distribution servlet because of NAT problems. What if we allow decoupling the installer from the noderef? Then those that can overcome or don't have the NAT problem can host the installer. If I, for some reason, cannot host the installer, perhaps one of my peers is willing to share their installer hosting such that I could get "access keys" from his node to pass out to my friends and include my noderef from the distribution area of FProxy in the email I send to my friend with the "access key". My friend saves the attached noderef (which was attached as a file with a .fref extension) to a file, connects to the my peer's installer host, uses the "access key", which will probably be part of the URL, and downloads and installs the node. Then my friend can double click on the .fref file he downloaded, which includes a one-time code generated by the distribution area of my FProxy (or FCP server) that my node uses to authenticate the addition of a node I didn't already have the noderef of. Node installed in a decentralized way. Peer connection created.
Pass phrases could work, but I think they should have something like a 32 character minimum length. (I wonder if there are passphrase dictionaries yet.) > Dave Baker wrote: > >> On Monday 05 March 2007 18:02:42 Colin Davis wrote: >> >>> I know it's less secure, but what about simply allowing people to >>> connect to your machine if they know a passphrase? The passphrase would >>> take the place of the Key, but be user-settable, and short. >>> >> That doesn't solve either problem though, surely? >> >> my 2p on #freenet: >> >> [17:48] <dbkr> as far as both-way-adding goes, I think that's where we reach >> a >> tradeoff with security, which is one of the main challanges for Freenet. >> [17:49] <dbkr> I'm not convinced the whole difficulty of exchanging refs >> isn't >> a red herring - everyone can handle emailing a file. >> >> I'm definately in favour of the ability to burn a CD with an installer on it >> that installs a node with your reference pre-bundled, although I think >> leaving the installer out for an emailed-version means it's nothing the user >> couldn't do themselves. >> >> >> Dave >> >> >> >>> If that were in place, you could send an e-mail saying: >>> >>> Hey Jon, I just found this cool new thing called freenet, which lets you >>> get to all sorts of sites which aren't on the normal web! It's >>> anonymous, and free, you should check it out. It works by connecting >>> through each other's computers, but I'll let you connect to me to get >>> started. >>> >>> Go to FreenetProject.org and download it, then give it my hostname, >>> which is XXXXXXX and give it the connection passphrase "IamNotEvil". >>> >>> Don't give anyone else that information, or it won't work. It'll only >>> allow one connection.. After your up, you can connect to other friends, >>> and everyone's connection gets faster. >>> >>> I'm on IM if you want to talk about it. >>> -Person you Know. >>> >>> Matthew Toseland wrote: >>> >>>> We will only get a darknet if it is really easy to swap references with >>>> your friends - opennet or no opennet. >>>> >>>> The original idea for Freenet 0.7 reference swapping was that you: >>>> - Go to your node, and ask it to create a bundle. >>>> - Send the bundle to your friends. >>>> - They unzip it and run it to install Freenet. >>>> - The bundle includes your noderef. >>>> - It also includes a one-time key that allows the node to automatically >>>> connect to yours despite yours not having their noderef yet. >>>> >>>> There are two big problems with this: >>>> >>>> 1) Everyone and his dog is behind a NAT. This means in order to connect >>>> you must have already exchanged references, full stop. THIS SUCKS. It >>>> also affects connectivity for newbies in a bad way (which is important >>>> IMHO). >>>> >>>> 2) Generally people shouldn't run programs that they receive in emails! >>>> >>>> Solution to the first one - and to newbie connectivity issues - is to >>>> implement UP&P and hope that routers implement it properly in future - >>>> is this a realistic hope? >>>> >>>> Solution to the second one is to just send the noderef and a link to the >>>> website, and only use full bundles when e.g. giving somebody a CD-R >>>> (which we should make really easy). >>>> >>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm >>>> not sure how well this would work for newbies, and in any case I set up >>>> a darknet-tools list for people to talk about this and nobody has even >>>> talked about it since a few days after it was set up, let alone done >>>> anything. >>>> >>>> <_ph00> so the basic problem is "how to safely exchage refs", and the >>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the >>>> only one to think that's very stupid? >>>>
