> Anyone in fear of having their Freenet shutdown *must have* this
> option.
No. There may be a way to address this concern, but this definitely isn't
it. It creates bottlenecks and central points of failure, and reduces
Freenet's ability to scale.
> This is the *only* way to solve the MediaEnforcer problem. The
> same goes for the people in China. If the Chinese government wants to scan
> IPs looking for Freenet nodes and shut down any that they find, the *only*
> way to stop this attack is to reject connections from unknown nodes.
I think that it is *very* unlikely that this would be achieved by
port-scanning (do you know how long a port-scan would take over a 56k
modem, particluarly where a DH key-exchange must be attempted for each
port?). Additionally, with the introduction of Public-key crypto, a port
scan would not be able to confirm the presence of a Freenet node without
the appropriate public key! Much more likely that they would just run a
Freenet node and harvest IP addresses from it.
> If you have another solution to avoid detection then that is one
> thing. But otherwise, this feature is absolutely necessary to include in
> Fred. To do otherwise would be offering one version which is vulnerable to
> attack and another which is not, which is ridiculous.
Your solution could have one of several effects:
a) Nobody would use it because it is too difficult to obtain addresses of
other Freenet nodes through secure private out-of-band means. At least
this way it wouldn't do any harm, but would have been a waste of time.
b) People would use it properly, creating bottlenecks and central points
of failure in Freenet and generally fucking up the way the whole thing
works
c) People would use it improperly, giving them a false sense of protection
against this "attack"
I stick to my position - in a proper Freenet it will be *impossible* to
prevent people from fishing for IP addresses, although they will have
little or no control over which IP addresses they "catch". The point is
that it should be difficult for them to shut down an arbitrary node once
they have found it, and the best way to do this is to have Freenet so
widely deployed that there is a higher possibility of getting hit by
lightening than someone with the power to shut down your node actually
finding your IP address.
There may be other precautions, but this is the only reliable one I have
thought of so far.
Ian.
PGP signature
