Ahh! Now I see! The gateway does look like it could work, you'd just need to increase
the HTL. Also, the gateway could act as sort of a chaching proxy for all of the local
subnet nodes because it would have this massive reference list (it would have all of
the references for each of the subnet nodes). You could evenhack something in to tell
the subnet node to not even check its reference list and go straight to the gateway
for all requests. Hmmmmmmmm. You could also hack something into the gateway to have
two trust lists. One for the subnet and one for everyone else. This means that
requests from outside coming from a node on the subnet trust list would propagate into
the subnet. If it were not on that list, it could not get in. The gateway would
still accept it, though, if it were on the everyone else trust list. Then it would
relay the request, but only to nodes outside of the subnet. If the requesting node is
not on either, it would deny the request.
I still see a problem: What if there is someone no one trusts? He would not be able
to use Freenet at all. I am envisioning some powerful agency somehow making a
completely trustworthy node suddenly seem untrustworthy (freenet slander). Also, you
would have to know someone to start using Freenet because you need to find at least
one node to allow requests.
Also: If you have a chain of nodes like the one below, only very long, A could not get
data from the last node because the path is longer than the HTL. I know this is
unlikely to be a problem in large networks, but it seems to me to be a problem.
eric
On Sun, Dec 24, 2000 at 08:40:07PM -0800, Mr.Bad wrote:
> >>>>> "E" == Eric <[EMAIL PROTECTED]> writes:
>
> >> I don't think we're on the same page on this. In my mind, VERY
> >> FEW PEOPLE would know about my node's existence at all -- only
> >> folks that I'd made out-of-band agreements with.
>
> E> How anonymous is that? I thought the point is that you have no
> E> idea who you are getting the data from or who requested the
> E> data. By putting those sorts of measures into effect, we make
> E> each cluster a target. People will try to gain trust, become
> E> accepted into the cluster, than take advantage of the
> E> vulnerabilities. I would much rather have anonymity.
>
> OK, I still think I'm not explaining myself well enough.
>
> Consider this simple network:
>
> A - B - C - D - E
>
> In this config, A only knows about node B, B only knows about A and C,
> C only knows about B and D, and E only knows about D. However, A can
> request a key from B that actually lives on E. The data will get
> pulled over to the A through B. A _can't_ know that it originally came
> from E.
>
> I can get a widely distributed network while each node only knows
> about and connects to a few other nodes. This is a good thing.
>
> Note that I don't have to set up a trust between A and E. A and E
> don't make direct connections to each other at all. Just A and B have
> to trust each other. As long as B trusts some OTHER people, and THEY
> trust OTHER people, and so on and so on, the network stays connected.
>
> >> I don't think it would be a popularity contest at all. Even if
> >> I was very trustworthy, I wouldn't set up an agreement with YOU
> >> if you were untrustworthy.
>
> E> It seems pretty elitist to deny requests to a computer because
> E> they aren't on your list.
>
> Damn straight. I don't like cops, lawyers, haX0rs or pheds, and I'm
> real elitist about letting them connect to my node.
>
> E> Freenet, to me, seems to be built around the principles of free
> E> speech and free access to information to anyone. Trust lists
> E> seem to impede the flow of information.
>
> Yes, they do, but I don't think in the way you say. The probability is
> that nodes will be less "bushy," with fewer references to other
> nodes. This will make the chances of a request timing out higher. The
> fixit for this is to increase the default HTL, as best as I can figger
> out.
>
> E> One last qualm before I shut up: Suppose an FBI agent outside
> E> of your trust list requests data from the gateway to your
> E> private network.
>
> He gets rejected (remember, no connects from untrusted nodes). But for
> the sake of your question, let's take it as a given that I've set up a
> public gateway without restricting who can connect to that gateway.
>
> E> The agent now knows for sure that it comes from someone inside
> E> of that network (although finding out who is in that network
> E> might be tough).
>
> Of course not! My gateway would really suck if it only sent queries
> INTO the subnet. Example:
>
> Z
> |
> |
> (elsewhere) --B-------C-------D-- (elsewhere)
> |
> |
> +--+--+--+--+
> | | | | |
> E F G H I
>
> Let's say that the phed is at Z, I'm C. E, F, G, H, I are in my
> subnet. B and D are my trusted peers. Z sends me a request. I could
> either route that request into my subnet or out to B or D. So Z can't
> KNOW that the data came from my subnet.
>
> ---8<---
>
> Let me reiterate that there are two concepts going on here:
>
> 1) "private networks," "clusters," "subnets"
>
> A gateway node stands between a group of nodes and the greater
> Freenet. Whenever a StoreData message passes through the gateway
> from the greater Freenet to the protected group, or from the
> protected group to the greater Freenet, the gateway rewrites the
> dataSource so that it appears that the data came from the gateway.
>
> This keeps "outside" addresses out of the routing tables of the
> protected nodes, and "inside" addresses out of the routing tables
> of outside nodes. In other words, it keeps the addresses of the
> "protected" nodes hidden from the outside world, and vice versa.
>
> 2) Don't Talk To Strangers
>
> A node (gateway, protected, otherwise) has a list of other nodes it
> allows to connect to it, and that it connects to. Connections from
> nodes not on the list are rejected. If it receives a StoreData with
> a dataSource different from the node it received from, it changes
> the source to the node it received from.
>
> This prevents the node from being entrapped by some hostile
> exterior node. An FBI node can't request a child porn document from
> my node, have me request it from downstream nodes, then put me in
> jail for providing him with child porn.
>
> It also may help against some other attacks.
>
> Both of these make for slower networks. However, they decrease the
> propagation of addresses, and make nodes (not publishers or readers)
> more anonymous.
>
> ~Mr. Bad
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> /\____/\ Mr. Bad <[EMAIL PROTECTED]>
> \ / Pigdog Journal | http://pigdog.org/ | *Stay*Real*Bad*
> | (X \x)
> ( ((**) "If it's not bad, don't do it.
> \ <vvv> If it's not crazy, don't say it." - Ben Franklin
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> _______________________________________________
> Freenet-dev mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev
PGP Key 0x3AFA955A.
