We can prevent flooding with useless content by, for example, having
inserts not start at the top of the LRU. However, the point remains that
tit-for-tat is difficult. On the other hand, we don't need perfect
functionality immediately. Can we add in insert verification later on?
The basic problem is that we need to tune things so that it is cheaper
to keep using an existing node, and build up some trust with it, than to
connect to a new node. This isn't necessarily insoluble either: although
most successful requests will likely come from a new node (on a large
network), we won't necessarily succeed in our attempt to connect to
them.

On Tue, Aug 22, 2006 at 09:21:04PM +0100, Michael Rogers wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ian Clarke wrote:
> >> 1) a selfish or malicious node can connect to a large number of opennet
> >> nodes and use its 'fair share' of capacity at each one
> > 
> > Why shouldn't a node with sufficient bandwidth be permitted to connect
> > to as many other nodes as it can legitimately serve?
> 
> That's fine if you can be sure that all those connections come from
> different individuals, as you can in the darknet. But in an opennet you
> could be handing all your bandwidth over to an attacker who controls
> multiple nodes (or just multiple IP addresses - which will be easy if
> IPv6 ever gets off the ground).
> 
> Imagine an attacker with a 10 or 100 Mb/s connection - currently, the
> amount of load the attacker can place on the network is limited not only
> by his own bandwidth, but by the bandwidth of his peers. Unless a huge
> number of people trust him, he won't be able to use all his bandwidth to
> place load on the network. But in an opennet, he could inject traffic
> through every opennet node as well as through his darknet peers.
> 
> > BitTorrent seems to get along just fine using tit-for-tat without the
> > need for negative reputation - all reputation is positive and must be
> > earned.  Why can't we do the same?
> 
> Because BitTorrent doesn't have to deal with inserts. Responses to
> requests can be verified, but it's not possible to verify responses to
> inserts, so a tit-for-tat mechanism that measures the number of inserts
> creates an incentive to lie ("sure, I inserted that file"), and a
> tit-for-tat mechanism that doesn't measure the number of inserts creates
> an incentive to drop inserts in favour of whatever the mechanism does
> measure.
> 
> This probably isn't an insoluble problem - Matthew suggested some kind
> of audit mechanism last time it came up - but it isn't something that
> should be glossed over either. If we need an audit mechanism and a
> tit-for-tat mechanism to make opennet safe then we're a long way from
> deployment (and hopefully the darknet will continue to grow in the
> meantime).
> 
> Cheers,
> Michael
-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
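
The first point in the reply above, inserts not starting at the top of the LRU, shown as an added example that is not from the thread or from Freenet's code. It is a toy datastore (the class, function and parameter names are assumptions) in which an inserted block enters part-way down the eviction order and only a successful request promotes a block to the top; the workload is constructed.

```python
"""Toy datastore: inserts enter part-way down the LRU, requests promote to the top."""

class DataStore:
    def __init__(self, capacity, insert_fraction):
        self.capacity = capacity
        # 0.0 = classic LRU (inserts start at the top); 0.5 = inserts start half-way down.
        self.insert_pos = int(capacity * insert_fraction)
        self.order = []   # index 0 = top of the LRU, last element = next to be evicted
        self.blocks = {}

    def insert(self, key, value):
        """Store an inserted block; it has not yet been requested by anyone."""
        if key in self.blocks:
            self.blocks[key] = value
            return
        self.order.insert(min(self.insert_pos, len(self.order)), key)
        self.blocks[key] = value
        while len(self.order) > self.capacity:
            del self.blocks[self.order.pop()]

    def fetch(self, key):
        """Serve a request; a hit is evidence of demand, so promote to the top."""
        if key not in self.blocks:
            return None
        self.order.remove(key)
        self.order.insert(0, key)
        return self.blocks[key]


def popular_survivors(insert_fraction, capacity=100, popular=40, flood=1000):
    """Constructed workload: fill the store, request some blocks, then flood inserts."""
    store = DataStore(capacity, insert_fraction)
    for i in range(capacity):
        store.insert(f"content-{i}", b"data")
    wanted = [f"content-{i}" for i in range(capacity - popular, capacity)]
    for key in wanted:
        store.fetch(key)
    for i in range(flood):                       # never-requested filler inserts
        store.insert(f"filler-{i}", b"x")
    return sum(1 for key in wanted if key in store.blocks)


if __name__ == "__main__":
    print("inserts at top of LRU :", popular_survivors(0.0))
    print("inserts half-way down :", popular_survivors(0.5))
```

In this model the flood can only displace blocks in the lower half of the store, so everything that requests have promoted above the insert point stays cached.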