----- Original Message ----- From: "Tom Kaitchuck" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 05, 2003 3:08 AM Subject: Re: [Tech] freenet not suited for sharing large data
> On Monday 04 August 2003 02:27 pm, Gabriel K wrote: > > Hmm don't quite follow your logic here... why n*m? On the contrary, you > > only ask n nodes. And also, it is possible to send the message ONCE to > > another node, and then it will propagate through the entire network, and > > each node will recieve the message only once (and forward it). The > > N is the Number of nodes in the network. > M is a FRACTION. M=1/(# of nodes that have the data.) > > > propagation is not serial through all nodes, it has some parallellism > > depending on the how many nodes you want each individual node to know > > about. > > My point was that you ether ask nodes one at a time, and the request stops > when one has the data, or you fork the request and everyone within a set > radus gets it. (or some where inbetween.) So N*M is the best case, N is the > worst (although it would be faster.) > Reguardless of how you do this, you are still asking a HUGE number of nodes > for the data. If there are 1,000,000 nodes in the network, and only 5 have > the file (on average) you are asking 200,000 computers. That is a LOT of > wasted bandwidth! What's more the overhead of the netwok grows linerly with > proportion to it's size. IE: If the network doubles in size, the network > overhead doubles too. This is VERY VERY BAD! I guess you COULD stop when you have reached a node that has it. But if you proceed you could have multiple download sources. And as I said before, you could sort keys with something like achord into the network, (which is kind of you file manifest), and then you only need to ask O(log N) nodes. > > This can be achieved by ordering the nodes in rings, connected to > > eachother. I try to sketch my idea with illustrations and text at > > http://www.student.nada.kth.se/~m98_khl/O-net.pdf, feel free to have a > > look! > > > > > > > 2. If you could, would you trust a server that you did not know who > > > controlled? > > > > Well, the central server can only map who transfers a file to whom, but > > nothing else. > > That is everything! It know who you are, it knows everyone you have connected > to, and if it wanted it could find out everyone who downloaded or shared any > file. This is a non-anonymous network! After reading your PDF I can think of > a couple of ways of tracking down the IP of the admin. It is not secure at > all. Well, all nodes must trust that the admin is not compromised.. I don't think that is a big problem. In what way could you track down the IP of the admin? > > I agree fully. > > However I must say I still don't understand that way of thinking about > > nodes that join the network and then don't share their data.. I don't see > > that as a dangerous attack. > > That is a VERY dangerous attack! It means that if any computer can act as a > proxy before sending out a request/shareing a file, (And if they can't then > it's totaly non-anonymous) then any node can connect to all the nodes they > know of and ask them to be a proxy for all of thir files. Then they can calim > to have any and all the files on the netwok, finaly they can fake answer > requests VERY FAST. This means a single user on a fast connection can render > the entire network vertualy useless! Well none of this is allowed in my idea.. no node can decide who it will proxy for. Also, if a node fakes that it has files and then don't send them, it will be reported by a few nodes to the admin, and then be kicked out. So it won't disturb for long. > > But in the idea described in the pdf above, > > that's an easy fix. Because you have the central point that every node > > trusts and obey it is easy. > > This also means that your network is not just limited by it's lack of > scalability, but also the bandwith of the main server. Using your tenique to > obscure the admin's IP, you effectivly limit the the networks usefullnes by > the the bandwidth of the slowest user. Well, since no file data is sent through the admin, it must only be able to hande control messages. In fact, the same load is on each node. Control messages are small, so BW for them is not very much. Each nodes is required to reserve the BW needed for control messages. If it doesn't have it, it will be kicked from the network. > > heh, well that argument is only relevant to freeNet, where you upload the > > data first. > > In "my" model you don't upload the data first. So an "evil" node doesn't > > hold anyone elses data, only it's own. So it can't do any harm that way. > > Yes they can. Although I have not read it very throuerly I think there are > many vunrabilitys to your approach. IE: what happens when someone starts > dropping messages to admin etc. What happens when a node delays lots of > requests diliberately. What happens when they join and rejoin the network to > learn about more nodes and locate admin. What if they started an out of band > DNS attack on the node next to them, and then prevent the ring to > reconnecting. What about timing attacks? What about a malicious admin? etc. Well, I have thought of that too. All attacks on the net can only affect a ONE innocent node, and the admin is prepared to make a misstake in order to also ban the evil node. All the attacks you mentioned above have an answer in the PDF. Dropping evil messages to admin can only affect one innocent node before the attacker is kicked. If a node delays messages it will get kicked. joining and rejoining will not help to learn about more nodes. Admin can only be located by evil nodes if they are very lucky. They cannot decide where they end up in the network when they join, so if they are lucky enough to end up on each side of the admin, they could find out it is the admin. If the attacking set of nodes don't have this luck the first time, it's very likely they will never get that chance, because they are placed on the same locations in the network each time. Anyway, the admin can prevent this attack by placing a trusted computer on either side of it in the network. If an evil node destroyed a node beside it and then won't let the ring heal, admin will kick both ends and the let the ring rejoin. So only one node is innocently affected. (The destroying of the node with an out of band DNS attack is not an attack based on the network rules, so it doesn't count) I'm not sure what you mean by timing attacks? About malicious admin, that is the only trusted node, if it is malicious then all nodes are fucked. But I'm sure many networks would form people know are safe. But I agree it would be better if there was no admin. But having the admin makes many problems easy to solve. > > Hmm maybe I have missunderstood something about freenet.. I always assumed > > there are *many* freeNet networks.. > > Is there just one? I thought it's meant like DC, that anyone can start a > > little network. > > There is only one Freenet. It has several hundred thousand nodes. Well what is the point of having it so large when you can't find all the data in it if you wanted to? > > Maybe my assumtion is flawed.. Maybe the contents of a file sharing network > > is pretty static.. maybe you are right here yes.. > > > I think you mixed some things up that I said.. I don't want a central > > server in charge of routing. I only want it to take care of things that > > would be dangerous for the network as a whole if let to a single node to > > decide. Only that. > > What exactly does that include? Well, choosing proxies and kicking missbehaving nodes. /Gabriel _______________________________________________ Tech mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/tech
