David ?Bombe? Roden wrote: > On Wed, 2007-10-31 at 22:11 +0100, Florent Daigni?re wrote: > > >> Link security is the obvious thing... DoSes are an other one. >> > > We're talking about FCP here. Where is the DoS potential? > DoS potential would be limited to the IPs allowed FCP access in the first place. This will, in general, boil down to DoS only by trojan in my thinking. >> Generally speaking, the less services the node provides, the simpler >> the protocol is... The best it is for everyone. >> > > Which is true for FNP but not necessarily for FCP. > Yes. I in my thinking, FCP's job is to encourage Freenet related apps and promote a standard method of communicating with Freenet and Freenet-related facilities in the process. >> By the way sharing our RNG with clients is probably a bad idea (most >> crypto operations involve using some randomness) and we will have to >> expose it at some point if we want clients to do some useful stuffs. >> > > You don't have to expose the RNG. The node just needs to perform a > couple of operations on behalf of the clients. You could even add the > FCP messages as an entropy source. > > > >> That's what the GenerateSSK message is for. >> > > You have no idea what I'm talking about, do you? Otherwise please tell > me how I use that key pair to encrypt data. Thank you in advance. :) > Yes, GPG-style key pairs rather than public and private SSK keys. >> I still don't get why clients can't import our classes ... and do >> their own crypto with it (okay they are licencing issues... but we >> want everyone to use GPL, don't we ? :p) >> > > Because then client developers have to learn Yet Another API buried deep > within the bowels of another software. That sucks. FCP would be a clean > lean, and mean interface for crypto operations. And, frankly, from what > I've seen so far the freenet crypto API is far from being clean, > documented, and usable by other people. You'd have more success with > SUN's JCE. > > Just to be clear: What I want is to perform cryptographic operations in > a client. I want to create key pairs that can identify a user. I want to > create session keys to encrypt data. I want to sign data with the keys I > generated. Decrypting. Verifying. Client stuff, you know? :) > > What I do NOT want is to busy myself with JSE, JCA, BouncyCastle or any > other API because the node can already do all that for me. > I would add that importing the Freenet classes requires my project to be locked into Java, which is not desirable to me. Why not export the functionality via FCP, so any language can use the crypto libraries Freenet has built up rather than relying on whatever good/bad algorithm coverage might be easily available in the external project's language of choice.
pyfcp apps could get crypto "for free" to use over Freenet rather than having some third party Python module need be installed because of crypto export restrictions for the developer and the like. I've already had one idea stall because of the crypto situation in Python and FCP exported crypto functions would have made it a non-issue.
