On Fri, Feb 17, 2006 at 03:56:13PM +0000, Michael Rogers wrote: > Matthew Toseland wrote: > >When accessing the RSSK, the client will automatically fetch each > >trusted person's SSK. Normally we will get a DNF on each of these. This > >indicates success, and the result is that the node will follow the > >redirect. > > Are you sure it's a good idea to assume success if a revocation can't be > found? An attacker might be able to temporarily DoS the revocations.
If so, there is a serious problem with Freenet itself, as every time a user accesses that site the data will be searched for and propagated if it can be found. I don't see any real problem with this. > > How about this: the RSSK contains an expiry period (say, a week - the > expiry periods must be long enough to allow for very loose clock synch). > The user fetches each SSK, which contains a status field > (OK/revoke/panic). If the status is OK and the SSK has been updated more > recently than the expiry period, the vote is counted in favour. If the > SSK can't be found or the status is revoke or the SSK is older than the > expiry period, the vote is counted against. If the status is panic, the > redirect is not followed. > > This method fails safe when publishers forget to update their SSKs, but > the redirect will start working again as soon as they remember. It also > gives publishers the option of destroying their keys if there isn't time > to insert a revocation (reminds me of the old days on this list, with > Travis Beman talking about attaching thermite to his hard drive... but > anyway...) :) I don't think it's reasonable to expect each of the Freenet Project's official freesite trustees to insert a file every week indicating status okay to the best of their knowledge. Well maybe. Any thoughts? > > Cheers, > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060217/bd8a674b/attachment.pgp>
