On Fri, Sep 23, 2005 at 10:30:10AM +0200, freenetwork at web.de wrote: > >> Matthew Toseland wrote: > >> > The main outstanding issue is how frequently we should do path folding. > >> > If it is too slow, it will take too long to converge. But if it is too > >> > fast, then oskar's routing algorithm won't be able to keep up. Is there > >> > any way to determine an optimal time short of alchemy? > >>=20 > >> If I have understood things correctly, on the new network a node can have > >> both darknet connections and opennet connections; in which case, when data > >> comes from a darknet node, it should forward it hijacking the source as > >> beeing itself, otherwise, it would use the usual algorithm. Being on the > >> border of the darknet (giving the darknet a gateway to the opennet) means > >> not giving away any info on darknet nodes. Being fully inside the darknet > >> means you don't know anything about nodes that you've not been introduced > >> to (and none else besides them should try to connect to you either!). > > > >Correct. > > Then what is the implication of border nodes always resetting Source to > themselves? > > I think that would bring to light that they are border-nodes between the open > and the closed network.
What alternative do you suggest? > > Analysis could be done because those border nodes often route requests with > an HTL < maxHTL (because the request went some time through the darknet) > although they pretend to be the Source; correlation attacks (border nodes > tend to have a higher correlation We are talking about DataSource here. The node which answered, not the one which queried. > "randomness" by previous darknet routing steps than nodes requesting the > files all by themselves); network harvesting with connection analysis (an > harvested opennet node has X routes to other nodes, analysis would reveal > that this node has X connections to other > nodes; border nodes have X to opennet and Y to darknet, a harvesting would > only find the X links but network analysis would reveal X+Y links -> border > node, possible entry point into the darknet: now either send Those Guys or > disconnect every border node found to > separate the smaller darknet from the well-known opennet) Possibly. Traffic analysis is a threat and always will be; it is easier if they know of one node in the first place. The hope is that it is expensive and tends to produce false alarms, especially if we use some stego. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20050923/c4aea94e/attachment.pgp>
