Raphael Manfredi wrote: > Quoting Haxe <[EMAIL PROTECTED]> from ml.softs.gtk-gnutella.devel: > :On Sunday 18 September 2005 00:41, Raphael Manfredi wrote: > :> A call for idea is launched: how can we make sure this GTKG-specific > :> server is not used by other servents,
> :You can't. But if it's something specific to GTKG, I don't think that > :others will try to exploit it. I suspect they likewise have their "own" > :servers. I'm not sure what's meant with "exploit". GWebCaches have always been free for all and for a very long time, Gtk-Gnutella did not have its own bootstrap servers. It's actually a huge leap backwards that we seem to need client-specific bootstrap servers. It shows that a minority of egoistic and incompetent minds is successfully destroying the spirit anf infrastructure of an once open and vendor-independent protocol and network. > Well, you can make it GTKG-specific by using several tricks: for instance, > you can use the token logic GTKG uses to identify itself, which is not > secure but is a burden to adapt by foreign servents. > > You can also implement a port-rotation logic whereby the listening port > depends on an alogrithm based on the time of the day, and whose logic > of computation is specific to GTKG (and shared by the specific GWC). Actually, I don't really know what you need a GWC for if it's GTKG specific. You can simply run a topless GTKG that is configured appropriately for this sole purpose. Really, it would defeat the purpose to transfer this obfuscated secrets to another software. > Finally, you can make your own binary protocol for exchanging information, > and not use HTTP, which will make it harder (but not impossible) to reuse > by foreign parties. I would suggest to use TLS encryption to stop abuse by the hostile party called ".edu admin" and L7 fascists. -- Christian
pgp96iYZ62tFF.pgp
Description: PGP signature
