> As Scott has pointed out, capturing the gateway node would provide a nice
> neat list of nodes whose owners previously believed were safe as houses,
> whereas capturing a normal Freenet node would give you a somewhat random
> list of other nodes which could be anywhere in the world.  

Same thing if you're trying to shut down Freenet nodes. Also, let's be
clear about the MediaEnforcer attack. They scan IPs. They do not seize
node lists from detected nodes. Public key crypto defeats the
MediaEnforcer attack (scanning IPs doesn't work).

Let us then consider the Enforcer Node attack in which they run a node to
"fish" for IP addresses. Public key crypto does nothing. Rejecting unknown
connections defeats this attack.

Let us then consider the Totalitarian Government attack. They run a node
and they seize node lists from detected nodes. Everything we have
including rejecting unknown connections fails against this attack.

So of the 3 attacks (Enforcer, Enforcer Node, and Totalitarian
Government), Freenet 0.3.6 fails against all of them, Freenet+PKI fails
against the last two, Freenet+PKI+rejecting unknown connections fails
against one, and nothing we've come up with defeats the last one.

So rejecting unknown connections is still a stronger defense and is
therefore good, not bad, in terms of defeating attacks in this genre. It
doesn't solve everything, but neither does anything else so far.

> On the second point, there are serious questions over whether one of
> Brandon's clusters would be of significantly more value to Freenet than an
> individual Freenet node, not to mention the obvious client/server
> central-point-of-failure and host of

I have already addressed this. I'll address it again and then you can
directly bring up the flaws in my response in the future. A cluster does
not have a central point of failure. Clients connected to a trusted server
do have a central point of failure. A cluster is a group of peers, one of
which volunteers to be a gateway. If the gateway is shut down, any cluster
node can volunteer to be a gateway. There can be multiple gateways.

The advantages of having a cluster instead of clients connected to a
trusted server is that cluster nodes are still useful members of the
Freenet community. If you have a 10 node cluster, then you have 10
nodes. If you have 10 clients then you have 1 node. Clusters are still
part of the network. If the gateways get shut down, they can still trade
within the cluster until a new gateway is established.

> "er, how do I find other trusted
> nodes who trust me" issues which Brandon seems to feel are not our
> problem, yet which has plagued systems such as ssh (ssh can be defeated

The argument "people will find it difficult to establish clusters" is not
an argument for "people should not have the option to establish
clusters".

> quite easily by a "Man in the Middle" attack without server
> authentication, yet server authentication requires some effort (although
> much less than a trusted-cluster approach would require) and almost nobody
> does it).

A much better example would be people using PGP. "People need to know how
it works in order to use it" is not an argument for "people should not
have the option to use it".



_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
