Hi Michael, thanks for looking at this. I appreciate the insight, you do touch on a few issues I don't think are solved yet. If I didn't reply to it, I think Ian's clarified it in his reply:

http://lists.alioth.debian.org/pipermail/freedombox-discuss/2012-June/004032.html

On Tue, 26 Jun 2012 10:07:24 +0100, Michael Rogers wrote:

> How does Alice discover who Bob's buddies are and stay up-to-date with
> their IP addresses (since presumably buddies might also have dynamic
> addresses)?

Friend-to-friend request proxying is something I looked into a few months ago and wasn't able to solve. I don't know if this is the right layer for it. The idealized dream is:

1. Alice can't reach Bob directly.
2. Alice and Bob can both talk to Calvin, say, over a different protocol.
3. Calvin relays the messages between Alice and Bob.

There are lots of hurdles between where we are now and solving this completely:

- How do you prevent routing loops?
- How do you expire requests (the Gnutella model; maybe something better)?

> Is there any form of revocation if Bob stops trusting a buddy?

- Announcing new locations to all his other friends.
- Not sharing services between friends.
- Using client-authentication within the service itself.

Actually *all services* Bob or Alice offer to anybody should be client-authenticated, to prevent interference from an untrustworthy client (one who shares your locations, but not his key; one who lucks out and finds your location).

> When Alice receives an ssh-vpn service location from Bob's buddy, how
> does the buddy (or Alice) know the IP address provided by the buddy is
> up to date?

Right now, it's up to Alice to remove locations that don't reply properly. It's easy enough to remove them (a PUT request), but there's nothing automatic. Alice can clear the list before learning more, but Bob doesn't have any method of declaring locations outdated right now. Maybe he should? Presumably, this is only a problem if your key's compromised, and then you already have a dozen other, bigger, problems.

Nick
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
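
The Gnutella-style expiry mentioned in the message above, as an added sketch that is not part of the original post or of any FreedomBox code: each relayed request carries a random ID and a hop budget (TTL), and a relay drops any ID it has already seen, which is what stops a request from circulating around a cycle of friends. The `Node`, `befriend`, `relay` and `build_demo` names and the four-node friend graph are assumptions made for illustration.

```python
import uuid
from collections import deque

class Node:
    def __init__(self, name):
        self.name = name
        self.friends = []   # peers this node can talk to directly
        self.seen = set()   # request IDs already handled (loop suppression)
        self.inbox = []     # payloads delivered to this node

def befriend(a, b):
    a.friends.append(b)
    b.friends.append(a)

def relay(source, dest_name, payload, ttl):
    """Flood a request friend-to-friend; return (delivered, transmissions)."""
    req_id = uuid.uuid4().hex          # unique per request, not per hop
    source.seen.add(req_id)
    queue = deque((source, f, ttl) for f in source.friends)
    sent, delivered = 0, False
    while queue:
        sender, node, hops_left = queue.popleft()
        sent += 1
        if req_id in node.seen:
            continue                   # arrived again via a cycle: drop
        node.seen.add(req_id)
        if node.name == dest_name:
            node.inbox.append(payload)
            delivered = True
            continue
        if hops_left <= 1:
            continue                   # hop budget spent: request expires here
        for f in node.friends:
            if f is not sender:        # never echo straight back to the sender
                queue.append((node, f, hops_left - 1))
    return delivered, sent

def build_demo():
    # Constructed graph: Alice reaches Bob only through Calvin, and
    # Calvin-Bob-Dana form a cycle that would loop without the seen-set.
    n = {k: Node(k) for k in ("alice", "calvin", "bob", "dana")}
    befriend(n["alice"], n["calvin"])
    befriend(n["calvin"], n["bob"])
    befriend(n["calvin"], n["dana"])
    befriend(n["dana"], n["bob"])
    return n

if __name__ == "__main__":
    net = build_demo()
    print(relay(net["alice"], "bob", "hello", ttl=3), net["bob"].inbox)
```

The sketch covers only loop suppression and expiry; it does not authenticate relays or clients, which the message treats as a separate requirement.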
