* Matthew Toseland <toad at amphibian.dyndns.org> [2007-03-06 01:30:45]:
> I am trying to disentangle the whole "easier reference swapping"
> discussion. So let's have one thread per proposal, shall we?
>
> One-time references
> ===================
>
> Fproxy provides an interface to produce one-time references. These
> consist of a file, including:
> - The node's current IP addresses (all of them)
> - A deadline after which the reference is no longer valid
> - A blob of data which is recorded by the node in permanent storage for
>   that period
> - Symmetric encryption keys for the setup process (these are unique to
>   this one-time reference)
>
> When a one-time reference is double-clicked or otherwise fed to a node,
> it will connect to the node by the given IP, verify that it has the blob
> of data via a challenge/response protocol, and full noderefs will be
> exchanged. The blob will be removed from persistent storage; they are
> not re-usable.
>
> Dependencies
> ------------
>
> The node issuing one-time references must be able to receive packets
> from anywhere on the internet. So we need UP&P.
>
> Easy extension
> --------------
>
> This can easily be extended to the ability for fproxy to produce a
> binary installer which includes a one-time noderef.
>
> Attacks
> -------
>
> The one-time reference MUST be delivered securely. If it is sent through
> a cleartext channel it may be intercepted (which gives away that you are
> running a node) or replaced via a Man-In-The-Middle attack (resulting in
> the attacker being connected to both the issuer and the recipient).

As far as I understand they are security risks and no real gain: it doesn't allow "on the phone" exchange because of the binary blob ...

I am going to write up a proposal too :).

NextGen$
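
The issuer-side bookkeeping the quoted proposal describes (blob stored until a deadline, possession proved by challenge/response, blob deleted after one successful use), as an added sketch that is not code from this thread or from Freenet. HMAC-SHA256 as the challenge/response primitive and all class, function and field names are assumptions; the IP list and the symmetric setup keys from the proposal are left out.

```python
import hashlib
import hmac
import secrets


class OneTimeRefIssuer:
    """Issuer side: keeps each blob until its deadline or first successful use."""
    def __init__(self):
        self._pending = {}     # ref_id -> (blob, deadline)
        self._challenges = {}  # ref_id -> outstanding nonce

    def issue(self, lifetime_s, now):
        ref_id, blob = secrets.token_hex(8), secrets.token_bytes(32)
        self._pending[ref_id] = (blob, now + lifetime_s)
        return {"id": ref_id, "blob": blob, "deadline": now + lifetime_s}

    def challenge(self, ref_id):
        nonce = secrets.token_bytes(16)  # always answer, so replies look alike
        if ref_id in self._pending:
            self._challenges[ref_id] = nonce
        return nonce

    def verify(self, ref_id, response, now):
        nonce = self._challenges.pop(ref_id, None)  # a nonce is good for one try
        entry = self._pending.get(ref_id)
        if nonce is None or entry is None:
            return False
        blob, deadline = entry
        if now > deadline:
            del self._pending[ref_id]  # past the deadline: purge the blob
            return False
        expected = hmac.new(blob, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        del self._pending[ref_id]  # single use: a second redemption must fail
        return True


def respond(ref, nonce):
    """Recipient side: prove possession of the blob without sending it."""
    return hmac.new(ref["blob"], nonce, hashlib.sha256).digest()


def demo():
    issuer = OneTimeRefIssuer()
    ref = issuer.issue(lifetime_s=3600, now=1000.0)  # constructed timestamps
    first = issuer.verify(ref["id"], respond(ref, issuer.challenge(ref["id"])), now=1500.0)
    replay = issuer.verify(ref["id"], respond(ref, issuer.challenge(ref["id"])), now=1600.0)
    return first, replay
```

The check only shows that the peer holds the blob from the reference file, so whoever obtains that file first can redeem it; this is why the proposal requires secure delivery.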
