On Friday 15 August 2008 01:00, Florent Daigni?re wrote: > * Ian Clarke <ian.clarke at gmail.com> [2008-08-14 18:42:57]: > > > On Thu, Aug 14, 2008 at 5:09 PM, Matthew Toseland > > <toad at amphibian.dyndns.org> wrote: > > > On Thursday 14 August 2008 20:01, Ian Clarke wrote: > > > What do you think of my changes? > > > > > > "We strongly recommend that you only use Freenet in darknet mode [are we using > > > the term "darknet" consistently? we can't force darknet here, since that > > > would basically prevent them from using Freenet unless they know other > > > freenetters]." > > > > > > I disagree: If they set most-paranoid then opennet should not be available > > > until they change the threat level to somewhat-paranoid. > > > > What is the point in that? If they are intent on using Freenet, then > > forcing them to select an inappropriate option doesn't make them any > > more secure! The question isn't so much whether opennet is secure, > > the question is whether it is more secure than the next best option - > > which in many cases will probably be a HTTP proxy, which are trivial > > to monitor. > > > > > The UI should make > > > it easy to upgrade or downgrade the threat level, enable opennet etc, but > > > should make it clear what the ramifications are. > > > > Yes, but forcing them to pretend that they have a lower threat level > > than they do is pointless. The purpose of this mechanism must be to > > inform the user, not make some futile attempt to restrict their > > behavior. > > > > The user has to be aware that it's always a matter of trade-offs... > > We shouldn't speak about a "threat levels" but a "threat level per threat model". > > IMHO they are three major threat models: > - Treachery (how much I can trust my peers to be good guys) > * tunnels, ... FOAF and shared bloom-filters for fast remote lookup
Tunnels are relevant to network as well. > - Network (should hide from ISP, risk of MITM, ...) And above all, a remote attacker attempting to trace you from your inserts / FMS posts / etc. That is *the* threat we are primarily concerned with. > * JFK, ... Opennet, sensitivity to Sybil > - Local (should provide some resilience against a seizure) > * bucket encryption, double-datastore encryption, ... none of those > > We could use that to our advantage when advertising Freenet: make a chart > comparing freenet and the security it provides against its alternatives. > It's something the gnunet guys have been doing since ages > (http://gnunet.org/faq.php3?xlang=English#compare) > > NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080815/30c78a03/attachment.pgp>
