Re: [freenet-support] getting bigger - time to raise defaults
On Tue, Nov 05, 2002 at 08:03:27PM -0500, Zlatin Balevsky wrote:

> | high if it's a big freesite. The correct response is to implement
> | mixmastered first two hops, which we will not implement before 1.0.
>
> This is all nice and good, but please consider raising the defaults even if by just a little _now_. It will help the end-user experience greatly.

Um, this is a completely separate question. Scalability, which has very little to do with anonymity.

> Thanks in advance.

--
Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED]
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02.
http://freenetproject.org/
Re: [freenet-support] getting bigger - time to raise defaults?
Zlatin Balevsky wrote:

> The network is getting bigger and bigger. Most of my requests DNF with htl 15 but are retrieved with 25. Maybe it's time to up the defaults a bit.

There is a bigger problem with actual implementation of HTLs: unless a node operator explicitly asks otherwise, all requests get out with HTL=15. This means that the node you send the request to will be able to guess (with low probability of error!) that you are the originator of the request.

Fixed default HTL is evil. Add (signed) a random number to each request.

Fixed default maximum HTL is even more evil. To be more protected you must not use that number, so you have a max HTL=24, which might not suffice for some content.

Iff I manage to understand the code I'll try to offer a patch to this problem. Meanwhile you are advised to change your configuration from 15/25.

--
--- TLD
There is no Good, one thorough, there is no Evil, there is only Flesh [Pinhead]

___
support mailing list [EMAIL PROTECTED]
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
Re: [freenet-support] getting bigger - time to raise defaults?
Matthew Toseland wrote:

>> Fixed default HTL is evil. Add (signed) a random number to each request.
>
> Even that is not sufficient. If you access a site with lots of images and many of the requests go through a particular node, then it can deduce a probability for you being the originator, which gets pretty high if it's a big freesite. The correct response is to implement mixmastered first two hops, which we will not implement before 1.0.

I am not sure about what you mean by mixmastering the first two hops. I read it like you're talking about sending originating requests to a random node (no matter if it's nearer to the data), which might work as long as the enemy isn't all around you (in a good %). But what about the second hop (the first is you)? How does he know it has to randomize the path? If the packet is tagged then he knows it's you the sender. If it is not, the best path will be chosen, which in turn might as well go to those nodes you're trying to avoid. Am I missing something?

>> Fixed default maximum HTL is even more evil. To be more protected you must not use that number, so you have a max HTL=24, which might not suffice for some content.
>
> Hmmm. Why? BTW, please don't modify the maximum HTL parameter unless you _really_ know what you are doing, if you modify it by hand then future increases in the default value won't be implemented by your node because it will use the overridden value.

Why shouldn't you use 25? Because it is a flashing neon light saying it was me who sent that. Why won't all content be reachable? Well, I see that for some content I really have to search thoroughly (more than 20HTL) before I get it.

About setting the max HTL, that is not a problem right now. I might as well set it to 1024, I doubt anyone will set the default that high in the near future :). In other words, anyone except me will clamp that value to 25 or whatever default it becomes, and almost nothing changes.

I argue that any default fixed value for max HTL could compromise anonymity. I also think max HTL should be a (partially randomized) value. If code for that change is included I guess it won't matter if I have set my max HTL or not, since max HTL will change over requests. Please correct me if I am wrong.

Greetings :)

--
--- TLD
There is no Good, one thorough, there is no Evil, there is only Flesh [Pinhead]
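The inference debated in the two messages above, worked through as an added example; it is not part of the thread and is not Freenet code. It computes how confident a receiving node can be that the neighbour handing it requests is their source, for a fixed default HTL, a randomised one, a request sent at the maximum, and many requests from one large freesite. The model is an assumption: each hop decrements HTL by exactly 1, the source picks each initial HTL uniformly from a known set, all observed requests travelled the same distance, and the prior over distance is uniform; the 10..20 range and the sample HTL values are constructed.

```python
from fractions import Fraction

FIXED_DEFAULT = [15]        # every node starts its requests at HTL 15
RANDOMISED = range(10, 21)  # constructed: 15 plus a signed offset in -5..+5


def originator_posterior(observed_htls, initial_htls, max_distance=25):
    """Probability that the neighbour who sent us these requests is their source.

    Assumed model: all requests share one source at distance d (d=1 means the
    neighbour itself), each initial HTL is drawn uniformly from initial_htls,
    every forwarding hop subtracts 1, and the prior on d is uniform.
    """
    allowed = set(initial_htls)
    # With uniform choices, every distance that can explain all observations
    # is equally likely, so the posterior is uniform over those distances.
    consistent = [
        d for d in range(1, max_distance + 1)
        if all(h + d - 1 in allowed for h in observed_htls)
    ]
    if not consistent:
        raise ValueError("observations cannot occur under this model")
    return Fraction(int(1 in consistent), len(consistent))


def scenarios():
    """Posterior for the cases raised in the thread."""
    return {
        "fixed 15, one request at 15":
            originator_posterior([15], FIXED_DEFAULT),
        "randomised, one request at 15":
            originator_posterior([15], RANDOMISED),
        "randomised, one request at the maximum":
            originator_posterior([20], RANDOMISED),
        "randomised, many requests (big freesite)":
            originator_posterior([12, 20, 15, 10, 18], RANDOMISED),
    }


if __name__ == "__main__":
    for label, p in scenarios().items():
        print(f"{label}: {p} ({float(p):.2f})")
```

Under these assumptions a single randomised request is ambiguous, but a request at the top of the range, or a batch whose HTLs span the whole range, leaves distance 1 as the only explanation.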
[freenet-support] getting bigger - time to raise defaults
| high if it's a big freesite. The correct response is to implement
| mixmastered first two hops, which we will not implement before 1.0.

This is all nice and good, but please consider raising the defaults even if by just a little _now_. It will help the end-user experience greatly.

Thanks in advance.
[freenet-support] getting bigger - time to raise defaults?
The network is getting bigger and bigger. Most of my requests DNF with htl 15 but are retrieved with 25. Maybe it's time to up the defaults a bit.