On Mon, Dec 25, 2000 at 04:49:01PM -0800, Ian Clarke wrote:
> > > > Anyone in fear of having their Freenet shut down *must have* this
> > > > option.
> > > No.  There may be a way to address this concern, but this definitely isn't
> > > it.  It creates bottlenecks and central points of failure, and reduces
> > > Freenet's ability to scale.
> > Substantiate such claims. I've refuted your claims that clusters hurt the
> > network already. My position is that clusters 1) don't break Freenet,
> > 2) are the only way to stop MediaEnforcer-style attacks, 3) don't have to
> > hurt Freenet efficiency at all if implemented properly.
> 
> Why are clusters better than just finding a server that you trust and
> connecting to it using your client?  This is functionality that is already
> in Freenet and which doesn't create these crazy mini-gnutellas.
> 
> > So your answer is that there is no threat? I think you're presuming an
> > overly weak attacker.
> 
> My official answer is that Freenet protects the anonymity of producers and
> consumers of information, but not the actual operators of Freenet
> nodes.  The same is true of systems like Mixmaster which claim to be even
> more strict than Freenet in terms of their security.  My unofficial answer
> is that any ISP who tries to do 64,000 DH key-exchanges with any of their
> customers won't be in business for much longer.
Right. So assuming people don't run on 19114, harvesting IP addresses from a
cancer node is the best way to get them.
> 
> > > scan would not be able to confirm the presence of a Freenet node without
> > > the appropriate public key!  Much more likely that they would just run a
> > > Freenet node and harvest IP addresses from it.
> > 
> > A very easy attack which can only be defeated by rejecting connections
> > from unknown hosts.
> 
> But an attack which would allow them to harvest only a very small number
> of IP addresses relative to the entire network, most of which will
> probably not be within range of their shut-down ability (i.e. gutsy
> domestic universities, foreign universities, or small companies with their
> own internet uplink with the types of connections that can't be cancelled
> at a whim).
Why will this yield only a small number of addresses? The source address is
reset randomly, so over the course of many requests, you will have a good
chance of seeing a new node. Connect to that node, ask for some more keys,
continue tunneling. What protects against such an attack (within an
x.0.0.0/8, obviously, as the source is reset when switching networks)? I sadly
can't test this theory experimentally for a month or so because I need to buy
a new hdd to fix up my system.
> 
> > A cluster acts just like a node, so it doesn't mess anything up.
> 
> So why should it not just be a node with clients hanging off it?
> 
> > Freenet will not become widely deployed if people are scared to use
> > it. 
> 
> Just like people were scared to use Napster?
> 
> > Therefore, it is imperative that protection be given to individual
> > users.
> 
> My first answer is that protecting the anonymity of Freenet node operators
> was never an aim of this project.
> 
> If someone wants to create such a system then they should write some
> software which uses steganography to allow the transmission of hidden
> encrypted messages through phone conversations which is resistant to
> third-world quality phone-lines, and with precautions against
> Tempest-style monitoring etc etc.
> 
> My second answer is that there is safety in numbers.  Widely deploying
> Freenet all over the world is the best defence against this.
> 
> My third answer is that this is a much bigger issue than whether people
> can run Freenet nodes.  Internet access is increasingly important, an
> essential service.  Your water company cannot arbitrarily cut off your
> water without a darn good reason.  Internet access should be the same, and
> I don't think that this is something we should just work around in
> software.
> 
> Ian.

_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
