On Wed, Jul 12, 2006 at 02:58:24PM +0200, Magnus Eriksson wrote: > On Wed, 12 Jul 2006, Florent Daigni?re (NextGen$) wrote: > > >>>That's why I had suggested some form of updates-only protocol that could > >>>be long-lived. > > >> Or in other words, "some form of new attack vector that could be hard to > >>fix". > > >No, some protocol changes, that's all. > > Implementing a brand new protocol is "some changes" ? > > You're probably talking about update-over-mandatory (or whatever it will > be called). Fine. How do you intend to make sure only updates (and no > other requests) are passed to "old" nodes? It looks to me like some sort > of new protocol would be needed. And that might have security > implications, which was my point.
There will be some new messages needed, yes. The node needs to be able to ask its peers: - What is the latest build available from the auto-update system? - Can you transfer me it please? (Including all the keys, so it can be verified just as if it had been fetched by the node). - Has the revocation certificate been inserted? If so, give me it. - I have the revocation, here it is. > > Or, we hope the users take care to update their nodes often enough, and > the network doesn't fall apart. Obviously not everyone will update "on > time". > > If, on the other hand, the network really *won't* be able to handle a > situation where some percentage of users aren't running the very latest > build, then I'm going to have some serious doubts about those claims about > being useful under "hostile regimes". The nodes can and will update internally. This is entirely reasonable. And we are not talking about the final product here. We are talking about an alpha, which is still undergoing major, low level development work in the area of the network protocol (which for an emergent or distributed system includes the behaviour of individual nodes). The only threat which this may correspond to is "bad guy distributes hacked freenet nodes which do bad things, and a lot of the network runs the hacked build". It absolutely does not correspond to "bad guy runs a few bad freenet nodes which do bad things". We have some defence against the latter and we will have more. The former is catastrophic for *any* nontrivial distributed network, if the bad builds have sufficient penetration. > > >> The fact that this is even an issue (and that the mandatory builds are > >>so common) should be a cause for any potential user to think twice if > >>this, that is, Freenet, really is the way to go. > > >Freenet is still in alpha stage ... Should we slow down the development > >process on the behalf that some users aren't willing to update ? > > What you should do is decide whether you're twiddling with the details > in your own lab or actually developing an end-user ready network. It > seems like someone is trying to both have the cake (making incompatible > protocol changes, frequent mandatory builds) and eat it (complaining over > lack of content, asking for donations). That's what you call an "alpha". > > >>Some sort of disclosure: I do not currently use Freenet. [...] > > >Then install it and you'll see that the update-over-freenet mechanism > >performs well. Updating over mandatory builds isn't implemented yet, > >that's all. > > Installing it means a major OS upgrade for me, so I think I'll hold off > until it seems more stable / useful. You run win98? You have my pity. :) > > Sorry if I'm being a pain in the ass, but IMHO I'm only asking pretty > obvious questions that you'll have to deal with sooner or later anyway. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060712/8044c035/attachment.pgp>
