* Colin Davis <Colin at sq7.org> [2007-03-05 15:06:35]:

> I have no problem with an installer, that include your noderef- In an
> ideal world, that'd be the primary way people Get freenet. If I recall,
> .5 created a custom install, but almost no one ever used it.
>
> I think the passphrase solution works well enough, if it's locked down..
>
>
> As for NAT issues, forgive my being out of touch, but I thought that was
> solved a year ago.. If I recall, I thought that even if Side-A and
> Side-B were both firewalled, they could connect..
>
> When Side-A added the noderef of B, it would start sending out packets
> to B, knowing that they won't get returned.. But the Sending of these
> packets would open a NAT-hole..
> Then, Side-B would get around to adding the noderef of A, and start
> sending packets to A, opening a NAT-hole on their own side.. Side A's
> packets then get in through this hole, just as B's now arrive at A.
>
> What am I missing?
>
> -Colin

Both of you are missing the important point : on darknet we don't want
to reveal the network topology : we can't rely on a third party to do
the job. As far as I know all the NAT circumventing methods are
involving a third party.

Please move the thread to @tech :)

NextGen$

>
>
> That said,
> David Sowder (Zothar) wrote:
> > Colin Davis wrote:
> >> It solves #2- Don't run things you get in e-mail..
> >>
> >> Instead of requiring a Noderef, allow someone to connect with just a
> >> password, and the IP address. This is something you can TELL someone, or
> >> say in an IM, no file transfer required.
> >>
> > I don't think we should necessarily categorically discount a fred-based
> > installer distribution servlet because of NAT problems. What if we
> > allow decoupling the installer from the noderef? Then those that can
> > overcome or don't have the NAT problem can host the installer. If I,
> > for some reason, cannot host the installer, perhaps one of my peers is
> > willing to share their installer hosting such that I could get "access
> > keys" from his node to pass out to my friends and include my noderef
> > from the distribution area of FProxy in the email I send to my friend
> > with the "access key". My friend saves the attached noderef (which was
> > attached as a file with a .fref extension) to a file, connects to my
> > peer's installer host, uses the "access key", which will probably be
> > part of the URL, and downloads and installs the node. Then my friend
> > can double click on the .fref file he downloaded, which includes a
> > one-time code generated by the distribution area of my FProxy (or FCP
> > server) that my node uses to authenticate the addition of a node I
> > didn't already have the noderef of. Node installed in a decentralized
> > way. Peer connection created.
> >
> > Pass phrases could work, but I think they should have something like a
> > 32 character minimum length. (I wonder if there are passphrase
> > dictionaries yet.)
> >> Dave Baker wrote:
> >>
> >>> On Monday 05 March 2007 18:02:42 Colin Davis wrote:
> >>>
> >>>> I know it's less secure, but what about simply allowing people to
> >>>> connect to your machine if they know a passphrase? The passphrase would
> >>>> take the place of the Key, but be user-settable, and short.
> >>>>
> >>> That doesn't solve either problem though, surely?
> >>>
> >>> my 2p on #freenet:
> >>>
> >>> [17:48] <dbkr> as far as both-way-adding goes, I think that's where we
> >>> reach a tradeoff with security, which is one of the main challenges
> >>> for Freenet.
> >>> [17:49] <dbkr> I'm not convinced the whole difficulty of exchanging refs
> >>> isn't a red herring - everyone can handle emailing a file.
> >>>
> >>> I'm definitely in favour of the ability to burn a CD with an installer
> >>> on it that installs a node with your reference pre-bundled, although I
> >>> think leaving the installer out for an emailed-version means it's
> >>> nothing the user couldn't do themselves.
> >>>
> >>>
> >>> Dave
> >>>
> >>>
> >>>
> >>>> If that were in place, you could send an e-mail saying:
> >>>>
> >>>> Hey Jon, I just found this cool new thing called freenet, which lets you
> >>>> get to all sorts of sites which aren't on the normal web! It's
> >>>> anonymous, and free, you should check it out. It works by connecting
> >>>> through each other's computers, but I'll let you connect to me to get
> >>>> started.
> >>>>
> >>>> Go to FreenetProject.org and download it, then give it my hostname,
> >>>> which is XXXXXXX and give it the connection passphrase "IamNotEvil".
> >>>>
> >>>> Don't give anyone else that information, or it won't work. It'll only
> >>>> allow one connection.. After you're up, you can connect to other friends,
> >>>> and everyone's connection gets faster.
> >>>>
> >>>> I'm on IM if you want to talk about it.
> >>>> -Person you Know.
> >>>>
> >>>> Matthew Toseland wrote:
> >>>>
> >>>>> We will only get a darknet if it is really easy to swap references with
> >>>>> your friends - opennet or no opennet.
> >>>>>
> >>>>> The original idea for Freenet 0.7 reference swapping was that you:
> >>>>> - Go to your node, and ask it to create a bundle.
> >>>>> - Send the bundle to your friends.
> >>>>> - They unzip it and run it to install Freenet.
> >>>>> - The bundle includes your noderef.
> >>>>> - It also includes a one-time key that allows the node to automatically
> >>>>> connect to yours despite yours not having their noderef yet.
> >>>>>
> >>>>> There are two big problems with this:
> >>>>>
> >>>>> 1) Everyone and his dog is behind a NAT. This means in order to connect
> >>>>> you must have already exchanged references, full stop. THIS SUCKS. It
> >>>>> also affects connectivity for newbies in a bad way (which is important
> >>>>> IMHO).
> >>>>>
> >>>>> 2) Generally people shouldn't run programs that they receive in emails!
> >>>>>
> >>>>> Solution to the first one - and to newbie connectivity issues - is to
> >>>>> implement UPnP and hope that routers implement it properly in future -
> >>>>> is this a realistic hope?
> >>>>>
> >>>>> Solution to the second one is to just send the noderef and a link to the
> >>>>> website, and only use full bundles when e.g. giving somebody a CD-R
> >>>>> (which we should make really easy).
> >>>>>
> >>>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm
> >>>>> not sure how well this would work for newbies, and in any case I set up
> >>>>> a darknet-tools list for people to talk about this and nobody has even
> >>>>> talked about it since a few days after it was set up, let alone done
> >>>>> anything.
> >>>>>
> >>>>> <_ph00> so the basic problem is "how to safely exchange refs", and the
> >>>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the
> >>>>> only one to think that's very stupid?
> > _______________________________________________
> > Devl mailing list
> > Devl at freenetproject.org
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
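
The one-time key idea discussed in this thread (a code sent with the noderef that admits exactly one peer whose noderef is not yet known), sketched as an added example; this is not Freenet code and not from any poster. `InviteRegistry`, its method names and the 7-day lifetime are assumptions; the 32-character passphrase floor is the figure suggested in the thread.

```python
import hashlib
import hmac
import secrets
import time

MIN_PASSPHRASE_LEN = 32  # floor suggested in the thread for user-chosen passphrases


class InviteRegistry:
    """Hypothetical store of one-time codes gating addition of an unknown peer."""

    def __init__(self, ttl_seconds=7 * 24 * 3600, clock=time.time):
        self._pending = {}  # sha256(code) -> expiry timestamp; codes are never stored
        self._ttl = ttl_seconds
        self._clock = clock

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self):
        """Generate a random code to ship alongside the noderef."""
        code = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe encoded
        self._pending[self._digest(code)] = self._clock() + self._ttl
        return code

    def register_passphrase(self, phrase):
        """Accept a user-chosen passphrase only if it meets the length floor."""
        if len(phrase) < MIN_PASSPHRASE_LEN:
            raise ValueError("passphrase shorter than %d characters" % MIN_PASSPHRASE_LEN)
        self._pending[self._digest(phrase)] = self._clock() + self._ttl

    def redeem(self, presented):
        """Return True at most once per code; success consumes the code."""
        candidate = self._digest(presented)
        now = self._clock()
        match = None
        for stored, expiry in self._pending.items():
            # Constant-time digest comparison; scan every entry, no early exit.
            if hmac.compare_digest(stored, candidate) and expiry > now:
                match = stored
        if match is None:
            return False
        del self._pending[match]  # single use: a replayed or forwarded code fails
        return True
```
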
