On Fri, Oct 06, 2006 at 01:20:50AM +0100, toad wrote:
> Currently, the opennet proposal includes an announcement mechanism where
> the node to be announced chooses its location, sends off an announcement
> request, and is provided with a bunch of connections near that location
> (and leading up to it).
>
> This is arguably insecure; freenet 0.5 had an announcement mechanism
> where the network would choose a random location for the node, and give
> it some keys and some connections somewhere near it.
>
> However, it should be possible to target a specific location simply by
> (inserting and) requesting lots of keys near to it... With a large
> network this gets expensive as you have to either know lots of keys, or
> create keys which are close to the target.
>
> Are routed announcements a problem? It is not possible to generate a
> location randomly then route to it, because an attacker would just use
> the latter stage. Routed announcements do have the advantage of getting
> the right connections right at the beginning; nodes can start opennet
> very quickly.

Ian suggested:

<sanity> toad_: how about the connect request is initially routed
randomly for a few hops, and then it tries to find its way back to the
source node - establishing connections along that path

We can't do this exactly as-is, because the node isn't integrated yet -
it won't be possible to find it. However, perhaps the node could drop an
"anchor" - a random-routed chain of nodes, which then return the
location of the last one to the announcee, and remember for a while that
they are involved (and who was before them). The node then routes to
that node, and the node references return along the anchor chain. (*Not*
down the routing path).

That should work, but would be unreliable and complex... (More reliable
at the expense of more complexity...).
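
Added example (not part of the original message and not Freenet code): a toy simulation of the anchor-chain announcement described above, in which the location comes from the end of a random-routed chain and the references retrace that chain. The ring topology, the greedy routing, the entry node standing in for the announcee's first hop, and all function names are assumptions made for illustration.

```python
import random

def ring_dist(a, b):
    """Circular distance between two locations in [0, 1)."""
    return min(abs(a - b), 1.0 - abs(a - b))

def build_network(n, rng, extra=3):
    """Constructed toy network (an assumption): ring links plus random links."""
    locs = sorted(rng.random() for _ in range(n))
    peers = {i: set() for i in range(n)}
    for i in range(n):
        for j in {(i + 1) % n, *rng.sample(range(n), extra)} - {i}:
            peers[i].add(j)
            peers[j].add(i)
    return locs, peers

def drop_anchor(entry, hops, peers, rng):
    """Random-route a chain from entry; each node remembers its predecessor."""
    chain, prev = [entry], {}
    for _ in range(hops):
        options = sorted(peers[chain[-1]] - set(chain))
        if not options:
            break
        nxt = rng.choice(options)
        prev[nxt] = chain[-1]
        chain.append(nxt)
    return chain, prev

def greedy_route(start, target, locs, peers):
    """Step to the peer closest to target until no peer is closer."""
    path = [start]
    while True:
        best = min(sorted(peers[path[-1]]), key=lambda p: ring_dist(locs[p], target))
        if ring_dist(locs[best], target) >= ring_dist(locs[path[-1]], target):
            return path
        path.append(best)

def announce(entry, hops, locs, peers, rng):
    """entry stands in for the announcee's first hop (assumption)."""
    chain, prev = drop_anchor(entry, hops, peers, rng)
    target = locs[chain[-1]]  # the network, not the announcee, picks this
    route = greedy_route(entry, target, locs, peers)
    back = [chain[-1]]  # references retrace the anchor chain, not the route
    while back[-1] != entry:
        back.append(prev[back[-1]])
    return target, route, back

if __name__ == "__main__":
    print(announce(0, 5, *build_network(200, random.Random(2006)), random.Random(6)))
```

The returned tuple is the assigned location, the routed path whose nodes would offer references, and the hop-by-hop return path along the anchor chain.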
