I have no problem with an installer that includes your noderef. In an ideal world, that'd be the primary way people get Freenet. If I recall, .5 created a custom install, but almost no one ever used it.

I think the passphrase solution works well enough, if it's locked down..

As for NAT issues, forgive my being out of touch, but I thought that was solved a year ago.. If I recall, I thought that even if Side-A and Side-B were both firewalled, they could connect..

When Side-A added the noderef of B, it would start sending out packets to B, knowing that they won't get returned.. But the sending of these packets would open a NAT-hole..

Then, Side-B would get around to adding the noderef of A, and start sending packets to A, opening a NAT-hole on their own side.. Side A's packets then get in through this hole, just as B's now arrive at A.

What am I missing?

-Colin

That said, David Sowder (Zothar) wrote:
> Colin Davis wrote:
>> It solves #2- Don't run things you get in e-mail..
>>
>> Instead of requiring a Noderef, allow someone to connect with just a
>> password, and the IP address. This is something you can TELL someone, or
>> say in an IM, no file transfer required.
>>
> I don't think we should necessarily categorically discount a fred-based
> installer distribution servlet because of NAT problems. What if we
> allow decoupling the installer from the noderef? Then those that can
> overcome or don't have the NAT problem can host the installer. If I,
> for some reason, cannot host the installer, perhaps one of my peers is
> willing to share their installer hosting such that I could get "access
> keys" from his node to pass out to my friends and include my noderef
> from the distribution area of FProxy in the email I send to my friend
> with the "access key". My friend saves the attached noderef (which was
> attached as a file with a .fref extension) to a file, connects to my
> peer's installer host, uses the "access key", which will probably be
> part of the URL, and downloads and installs the node. Then my friend
> can double click on the .fref file he downloaded, which includes a
> one-time code generated by the distribution area of my FProxy (or FCP
> server) that my node uses to authenticate the addition of a node I
> didn't already have the noderef of. Node installed in a decentralized
> way. Peer connection created.
>
> Pass phrases could work, but I think they should have something like a
> 32 character minimum length. (I wonder if there are passphrase
> dictionaries yet.)
>> Dave Baker wrote:
>>
>>> On Monday 05 March 2007 18:02:42 Colin Davis wrote:
>>>
>>>> I know it's less secure, but what about simply allowing people to
>>>> connect to your machine if they know a passphrase? The passphrase would
>>>> take the place of the Key, but be user-settable, and short.
>>>>
>>> That doesn't solve either problem though, surely?
>>>
>>> my 2p on #freenet:
>>>
>>> [17:48] <dbkr> as far as both-way-adding goes, I think that's where we
>>> reach a tradeoff with security, which is one of the main challenges for
>>> Freenet.
>>> [17:49] <dbkr> I'm not convinced the whole difficulty of exchanging refs
>>> isn't a red herring - everyone can handle emailing a file.
>>>
>>> I'm definitely in favour of the ability to burn a CD with an installer
>>> on it that installs a node with your reference pre-bundled, although I
>>> think leaving the installer out for an emailed-version means it's
>>> nothing the user couldn't do themselves.
>>>
>>>
>>> Dave
>>>
>>>
>>>
>>>> If that were in place, you could send an e-mail saying:
>>>>
>>>> Hey Jon, I just found this cool new thing called freenet, which lets you
>>>> get to all sorts of sites which aren't on the normal web! It's
>>>> anonymous, and free, you should check it out. It works by connecting
>>>> through each other's computers, but I'll let you connect to me to get
>>>> started.
>>>>
>>>> Go to FreenetProject.org and download it, then give it my hostname,
>>>> which is XXXXXXX and give it the connection passphrase "IamNotEvil".
>>>>
>>>> Don't give anyone else that information, or it won't work. It'll only
>>>> allow one connection.. After you're up, you can connect to other friends,
>>>> and everyone's connection gets faster.
>>>>
>>>> I'm on IM if you want to talk about it.
>>>> -Person you Know.
>>>>
>>>> Matthew Toseland wrote:
>>>>
>>>>> We will only get a darknet if it is really easy to swap references with
>>>>> your friends - opennet or no opennet.
>>>>>
>>>>> The original idea for Freenet 0.7 reference swapping was that you:
>>>>> - Go to your node, and ask it to create a bundle.
>>>>> - Send the bundle to your friends.
>>>>> - They unzip it and run it to install Freenet.
>>>>> - The bundle includes your noderef.
>>>>> - It also includes a one-time key that allows the node to automatically
>>>>> connect to yours despite yours not having their noderef yet.
>>>>>
>>>>> There are two big problems with this:
>>>>>
>>>>> 1) Everyone and his dog is behind a NAT. This means in order to connect
>>>>> you must have already exchanged references, full stop. THIS SUCKS. It
>>>>> also affects connectivity for newbies in a bad way (which is important
>>>>> IMHO).
>>>>>
>>>>> 2) Generally people shouldn't run programs that they receive in emails!
>>>>>
>>>>> Solution to the first one - and to newbie connectivity issues - is to
>>>>> implement UP&P and hope that routers implement it properly in future -
>>>>> is this a realistic hope?
>>>>>
>>>>> Solution to the second one is to just send the noderef and a link to the
>>>>> website, and only use full bundles when e.g. giving somebody a CD-R
>>>>> (which we should make really easy).
>>>>>
>>>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm
>>>>> not sure how well this would work for newbies, and in any case I set up
>>>>> a darknet-tools list for people to talk about this and nobody has even
>>>>> talked about it since a few days after it was set up, let alone done
>>>>> anything.
>>>>>
>>>>> <_ph00> so the basic problem is "how to safely exchange refs", and the
>>>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the
>>>>> only one to think that's very stupid?
>>>>>
> _______________________________________________
> Devl mailing list
> Devl at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
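
A toy model of the two-sided NAT hole opening described in the message above, added here as an illustration; it is not Freenet code and not part of the thread. The `Nat` class, the addresses and port 5000 are constructed, and the model assumes port-preserving NATs that filter inbound packets by remote address and port; the `symmetric` flag covers a NAT that picks a new external port per destination, so the port listed in the noderef no longer matches.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Toy NAT: inbound packets pass only through a hole opened by outbound traffic."""
    public_ip: str
    symmetric: bool = False                     # True: new external port per destination
    holes: dict = field(default_factory=dict)   # external port -> set of allowed remotes
    next_port: int = 40000

    def outbound(self, int_port, dst):
        """Open a hole for replies from dst; return the external (ip, port) used."""
        if self.symmetric:
            ext_port = self.next_port           # unpredictable from the peer's side
            self.next_port += 1
        else:
            ext_port = int_port                 # same external port for every peer
        self.holes.setdefault(ext_port, set()).add(dst)
        return (self.public_ip, ext_port)

    def inbound(self, src, ext_port):
        """True if a packet from src addressed to ext_port is let through."""
        return src in self.holes.get(ext_port, set())


def exchange(nat_a, nat_b, port=5000):
    """Each side knows only the (public_ip, port) written in the other's noderef."""
    ref_a, ref_b = (nat_a.public_ip, port), (nat_b.public_ip, port)
    delivered = []
    # 1. A adds B's noderef and starts sending; B has opened nothing yet.
    src_a = nat_a.outbound(port, ref_b)
    delivered.append(nat_b.inbound(src_a, ref_b[1]))
    # 2. B adds A's noderef and starts sending towards A's advertised address.
    src_b = nat_b.outbound(port, ref_a)
    delivered.append(nat_a.inbound(src_b, ref_a[1]))
    # 3. A keeps sending; the packets now meet the hole B opened in step 2.
    delivered.append(nat_b.inbound(src_a, ref_b[1]))
    return delivered


if __name__ == "__main__":
    # Constructed documentation addresses (RFC 5737), not real nodes.
    print("port-preserving:", exchange(Nat("203.0.113.1"), Nat("198.51.100.2")))
    print("symmetric:      ", exchange(Nat("203.0.113.1", symmetric=True),
                                       Nat("198.51.100.2", symmetric=True)))
```

Each list entry is whether the packet sent in that step got through the receiving side's NAT.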
