For WebRTC I am talking about
http://lists.w3.org/Archives/Public/public-webcrypto/2013Nov/0057.html
and http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-07, a
third party where you have an account is used to make sure the one you
have established the DTLS connection with is the expected one, and it
can be google, twitter, fb, etc
What was meant then by "-- logins, reputation, social network
connectivity, etc"?
The facilitators are a "detail" in Peersm concepts, they are there to
bridge with clearnets such as bt or eventually the web (for bt once the
content is inside the Peersm network they are not used any longer for
this given content of course, for the web, I already said it, the
browsers can connect directly to the Tor network, the OP is inside the
browser so it's as secure as the usual Tor, people can use the Tor
bundle on top of it if they like, but this is in practice completely
useless) but their main use is to behave like headless browsers running
in background in order to continue sharing the contents if the peers
close their browser, they are exactly like browser peers and there is no
story of clearnet for them too inside peersm network.
So they are there to "bootstrap" the content from other networks and
keep the content alive in the meantime there are enough peers, I still
don't see very well why you find them "uncool" compared for example to
traditional Tor exit nodes.
The slides apparently are not self explainatory, you are
misunderstanding the project, there are no concepts of clearnet and
centralization inside peersm.
You should take a look at
https://github.com/Ayms/node-Tor#anonymous-serverless-p2p-inside-browsers---peersm-specs,
and if you find something "old", "insecure" or related to clearnet then
please let me know.
That's based on myself + many p2p/anonymity papers and discussion with
different experts.
I think it does solve the takedown issue too because it might become
well known that taking down a peersm peer based for example on some
search in the DHT, you don't take down the good one that has the
content, you are taking down one peer that is relaying the data, might
not know it is doing it, does not know what it is, from whom, to whom,
so there are no legitimate reasons to take it down.
Now since we are there, there is still an open question if people around
the table here have some ideas: the "Data validation" section, given the
size of the chunks it seems unlikely to perform a usual verify operation
for each one, as I see it the validation should not make 100% sure the
chunk is correct but should make sure it might be a good one.
Regards
Aymeric
Le 15/05/2014 02:07, grarpamp a écrit :
Using your google or twitter account to secure you communications (like
webRTC is planning to do to secure the DTLS self-signed certificates) seems
not appopriate at all to me, you are increasing unnecessarly the (already huge)
influence of these entities which can become the attackers.
No idea what you're talking about. No one is suggesting using goog/twit
for anything. We're saying run legacy p2p and other apps over secure
anonymous networks.
Maybe http://www.peersm.com
No. The slides show use of clearnet interface to BT/web so those
RTC exit 'browsers/people' running it there are still at risk. Quite
uncool for peersm users to offload their content risk onto such
gateways via tor protocol.
What is uncool compared to a Tor exit node? The facilitators are bridging to
bt/web, until the bt clients can talk the browser's language (WebSocket,
WebRTC), they are not really necessary for the web since you can access the
Tor network via WebSockets.
It is uncool for the consumers on the left of the 'principles' slide
to offload their risk of 'filesharing' behaviour onto the 'facilitators
that run bt/web over clearnet' on the right half of the slide.
While such 'facilitators' may wish to take on that risk for the users
on the left, it's all still a waste of a clearnet game. There's no reason
p2p filesharing has to talk to clearnet when all peers can just move
themselves safely and entirely onto and within anonymous networks
forevermore.
p2p is by definition without need to centralized corporate clearnet
hubs. It is peers talking to peers, they make up their own network
base. So this insistence people have on building insecure non-anon
p2p protocols in the clear over clearnet is old. Yes p2p/dht is often
necessary to distribute load over anonymous nodes in slower anon
nets. That p2p/dht/anonet technology does in fact need development
help in scaling up to millions of users.
But even if bt clients could talk with peersm users this does not solve the
issues of bt protocol, really too transparent.
"they're not solveable with clearnet solutions. ... BT is and will be
insufficient until you [run it entirely within] an anonymous net, or it
becomes one itself"
That's what we are trying to propose with peersm protocol.
No, that peersm slide seems to protect the users at the left over
their torlike circuits at the expense of the facilitators exposure
on the right. This is not a solution to the 'takedown' issue since
the facilitators will still get 'takedown'.
If you put both left and right sides, and far right side of 'bittorrent
network' and 'web sites' all under anonymous networks you would
have no problem. Peersm does not do that so it is an incomplete
solution to takedown issue, particularly with bidirectional bt protocol.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers
