Two possible caching policies for 0.7: 1. Cache everything, including locally requested files. PRO: Attacker cannot distinguish your local requests from your passed-on requests. CON: He can however probe your datastore (either remotely or if it is seized). (the Register attack) BETTER FOR: Opennet. 2. Don't cache locally requested files at all. (Best with client-cache). PRO: Attacker gains no information on your local requests from your store. PRO: Useful option for debugging, even if not on in production. CON: If neighbours then request the file, and don't find it, they know for sure it's local. BETTER FOR: Darknet. But depends on how much you trust your peers.
Interesting tradeoff. Unacceptable really. We all know that the long term solution is to implement premix routing, but that is definitely not going to happen in 0.7.0. So here are some possibilities: 1. For the first say 3 hops, the data is routed as normal, but is not cached. This is determined by a flag on the request, which is randomly turned off with a probability of 33%. PRO: Provides some plausible deniability even on darknet. CON: Doesn't work at all on really small darknets, so will need to be turned off manually on such. 2. Permanent, random routed tunnels for the first few hops. So, requests initially go down the node's current tunnel. This is routed through a few, randomly chosen (on each hop, so no premix), nodes. The tunnel is changed infrequently. A node may have several tunnels, for performance, but it will generally reduce your anonymity to send correlated requests down different tunnels. PRO: More plausible deniability; some level of defence against correlation attacks even. But anon set is still relatively small. CON: Number of tunnels performance/anonymity tradeoff. CON: A few extra hops. CON: Sometimes will get bad tunnels. Anyway, this seems best to me. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20051118/b8b3cc04/attachment.pgp>
