On Thu, Jan 23, 2003 at 04:30:58PM +0000, Gordan Bobic wrote:
> On Thu, 23 Jan 2003, Matthew Toseland wrote:
>
> > On Wed, Jan 22, 2003 at 11:40:43PM +0000, Gordan Bobic wrote:
> > > Hi, I've got a few questions about the current fred implementation.
> > >
> > > I've heard the issue raised recently about a FAQ stating that the
> > > communication between the Freenet nodes is not encrypted. Is this true? Other
> > > documentation implies that all communication between individual nodes occurs
> > > over encrypted connections. I suspect the FAQ in question is wrong, but I'm
> > > curious to find out for sure.
> >
> > Not true. _Everything_ is encrypted in freenet, at least once.
> > Connections are encrypted using the node public/private keypairs.
>
> Aren't connections between the nodes connected on a per-connection basis
> with one-off keys (like https, for example)? Or was this deemed
> unnecessary, and the payload is just sent to the relevant port, so only
> the intended recipient node can actually decode and read it?

We use DSA. Asymmetric crypto is really slow, so we just use it to
negotiate a (random) session key.
>
> > > The next question is regarding the network setup used for Freenet. Can the
> > > current node implementation deal with living on multiple IP addresses at the
> > > same time? If Fred is running on a multi-homed system, load balanced over
> > > multiple networks, with the relevant ports forwarded from the central hub to
> > > the actual node (single interface on fred host, with multiple interfaces
> > > port-forwarded to it from the hub), will this work as expected? Or is it
> >
> > Well... it won't autodetect. But if you set up round-robin DNS for the
> > IP addresses, and then force ipAddress to that address, _that_ is known
> > to work.
>
> How will the network deal with the situation where nodes exchange routing
> information, and some think that a particular key is related to one IP
> address, but the others think it is related to a different address, at the
> same time? Will this not cause information drift where eventually all
> nodes will converge to one IP address? Or do the nodes understand the
> concept of multiple IP addresses? Or is the node location always assessed
> by name, rather than IP address, when the name is supplied?

Errr. A key is associated in each node's routing table with a node
reference. A node reference has one IP address, but that can be either a
plain IP address or a name. For more information about nodes exchanging
routing information, see the papers on the website.
>
> > > Thirdly, what are the implications of running multiple nodes on the same IP
> > > address(es), on different ports? Will this work as expected? Will it work at
> > > all? Will it break all of the nodes sharing the address(es)?
> >
> > Yeah, it works. It is used extensively by developers for testing
> > purposes.
>
> OK, thank you. :-)
>
> Will these nodes end up talking to each other? Or will they
> ignore each other when they notice they are on the same IP address?

They may or may not. They do not care what IP address they are on; it is
the node identity that uniquely identifies a node, since the IP address
and the port can change.
>
> > A node identity is a public key... the node itself has a private key.
> > Normally passed along with this is a list of "physical addresses",
> > including something like tcp/arthas.dyndns.org:9013.
>
> So, the addresses are always passed by name, when the name is supplied?

Yeah. If the ipAddress is set, then the node uses that, whether it is an
IP address or a name. If it is not set, it tries to autodetect the
internet IP address. If it can't autodetect because of being behind a NAT
firewall, it grumbles and downgrades to a transient node, unless you have
set the ipAddress already - setting a static or DNS name is the only way
to run a permanent node behind a NAT firewall (and you still need a port
forward).
>
> Thank you.
>
> Gordan

--
Matthew Toseland
[EMAIL PROTECTED][EMAIL PROTECTED]
Full time freenet hacker.
http://freenetproject.org/
Freenet Distribution Node (temporary) at
http://amphibian.dyndns.org:8889/I3mGXPd6zTA/
ICTHUS.
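The addressing rules described in the reply above, as an added Python sketch that is not part of the original message and is not Fred's code. The function and class names, the SHA-256 fingerprint used as an identity, the sample keys and the RFC 1918 check standing in for "cannot autodetect behind NAT" are all assumptions of this sketch.

```python
import hashlib
import ipaddress

# Assumption of this sketch: "cannot autodetect behind NAT" is modelled as
# detecting only an RFC 1918 address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def identity_of(public_key: bytes) -> str:
    """Hypothetical fingerprint standing in for the node's public-key identity."""
    return hashlib.sha256(public_key).hexdigest()[:16]

def parse_physical(addr: str):
    """Split a physical address such as 'tcp/arthas.dyndns.org:9013'."""
    transport, _, hostport = addr.partition("/")
    host, _, port = hostport.rpartition(":")
    if not transport or not host or not port.isdigit():
        raise ValueError(f"bad physical address: {addr!r}")
    return transport, host, int(port)

def choose_address(ip_address_setting, detected_ip, port):
    """Return (physical_address, mode) following the rules in the reply."""
    if ip_address_setting:  # explicit setting wins, whether IP or DNS name
        return f"tcp/{ip_address_setting}:{port}", "permanent"
    if detected_ip and not any(
            ipaddress.ip_address(detected_ip) in net for net in RFC1918):
        return f"tcp/{detected_ip}:{port}", "permanent"
    return None, "transient"  # behind NAT and nothing configured

class RoutingTable:
    """Node references keyed by identity, never by IP address or port."""

    def __init__(self):
        self.refs = {}  # identity -> current physical address

    def learn(self, public_key: bytes, physical: str):
        parse_physical(physical)  # reject malformed references
        ident = identity_of(public_key)
        moved = ident in self.refs and self.refs[ident] != physical
        self.refs[ident] = physical  # same node, new address: update in place
        return ident, moved

if __name__ == "__main__":
    table = RoutingTable()  # constructed sample keys and addresses
    print(table.learn(b"key-A", "tcp/203.0.113.5:9013"))
    print(table.learn(b"key-B", "tcp/203.0.113.5:9014"))  # same IP, other node
    print(table.learn(b"key-A", "tcp/arthas.dyndns.org:9013"))  # A moved
    print(choose_address(None, "192.168.1.10", 9013))
```

Keying the table on the identity is what lets two nodes share one IP address on different ports, and lets a node change address without becoming a second entry.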
