>>>>> "IC" == Ian Clarke <[EMAIL PROTECTED]> writes:
IC> So I was sitting in the bath this-morning and I think I may
IC> have the beginnings of an idea about how to address this issue
Isn't that how all the best ideas get done? B-)
IC> Let's say, on the introduction of public/private key
IC> inter-node comms, a node address looks like
IC> ptcp/x.x.x.x:yy/PUBKEYPUBKEY
As an aside -- is there someplace I can find the proposal for pk in
Freenet? Or is it one more of those hivemind designs that Freenet is
famous for (i.e., everybody considers it obvious except for me. B-)?
I'm just not sure I grok the goals.
IC> What if we define a new address type, called a "Shadow
IC> Address", which looks like this:
IC> stcp/x.x.x.x:yy/PUBKEYPUBKEY/CYPHERTEXTCYPHERTEXT
IC> Where the cypertext is a node address (with some added random
IC> salt to thwart traffic analysis) encrypted using the public
IC> key. When a node wishes to send a message to a ShadowAddress
IC> they must forward it to the node at x.x.x.x:yy which will
IC> decrypt it and forward it to the decrypted address.
So, if I understand the advantage of this, it's that outside nodes
(yes, I can't help thinking of "inside" and "outside") will still be
able to have unique addresses for "inside" nodes, but all requests
will route through the "shield" node? Is that right?
And all the shield node does is provide an address-rewriting service,
kind of like a PGP mail anonymizer. In fact, maybe it wouldn't hurt to
support shadow chaining....?
One thing I'm not sure of, though: what's the advantage of having lots
of shadow addresses out there, if all messages still have to go
through the "shield node"? I see that it's a different mechanism, but
I'm not sure I understand the topological difference between shadow
addresses and clusters.
On first glance, though, this sounds like it would do a good job of
replacing "clustering" without actually doing any clustering. B-)
Although it -does- kind of draw more attention to a shield node than a
clustering system would (since no one would know that a gateway was
actually a gateway, but a shield node's IP address goes out with every
shadow address).
However, shadow addresses still don't deal with "shy nodes."
~Mr. Bad
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/\____/\ Mr. Bad <[EMAIL PROTECTED]>
\ / Pigdog Journal | http://pigdog.org/ | *Stay*Real*Bad*
| (X \x)
( ((**) "If it's not bad, don't do it.
\ <vvv> If it's not crazy, don't say it." - Ben Franklin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
