On 07/06/2012 06:45 PM, Michiel de Jong wrote:
> On Fri, Jul 6, 2012 at 3:16 PM, Nick M. Daly <[email protected]> wrote:
>> I'm a little leery of asking users to sign up for a service on a device
>> that's designed to let them host their own services.  It seems
>> internally inconsistent.  I don't think I have anything against offering
>> it as an option, but it shouldn't be the only one.

> i see your point, but what alternative do you see? if you want to
> offer any form of web presence, you need an IP address with a DNS
> domain pointing to it. the box needs to dial up to some sort of name
> service to announce where it is today. this can be either a DNS server
> or a (network of) reverse proxy(s) if you're on a dynamically assigned
> own IP. If you're behind NAT, then only a (network of) reverse
> proxy(s) can help you. The proposed DHT which resolves names to onion
> addresses is effectively a network of reverse proxies too, and is not
> something we currently have working in production even on normal
> laptops afaik.

to be able to deal with NAT, which is probably the most common setup found in
regular users' homes, using reverse proxy seems to be a must.

i don't know of any other readily available solution besides PageKite and Tor 
hidden services to do this. i assume that we want a fbx to have a durable name 
by which they can be found, so;
- with PageKite, this probably leads to registering a domain name for a box. as 
this is how the regular web works, normal browser/http-client can access the 
page/service.
- with Tor HS, no need to register a domain. as long as you don't lose the
private-key you keep the same .onion address. to access the page/service, you
need a Tor-Browser, Tor-Proxy or go via tor2web though.

in the long run, i would prefer something like FreedomBuddy as Tor HS in the 
role of a gatekeeper. this frees from registering a domain name and still gets 
you a durable name/address. further, it gives the service provider more 
anonymity and FreedomBuddy can do access-control before revealing service 
endpoints to clients (either connections through Tor network or direct 
connections).

a simpler version of this gatekeeper could be a Tor HS 'entry-point' that 
simply http-redirects to yourname.pagekite.me upon successful authentication 
and access-control (e.g. with username/pass).

as i understand the proposition, the focus is on allowing unhosted-apps 
(JavaScript in an ordinary webbrowser) to access the fbx. maybe an unhosted-app 
could try first the .onion address directly (which succeeds if a tor-proxy is 
used) and fallback on tor2web if necessary?


cheers!
michael

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
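
The simpler gatekeeper described in the message above (a Tor HS entry point that authenticates with username/pass and only then HTTP-redirects to the PageKite name), as an added example that is not part of the original post or of any FreedomBox code. The function names, the sample user and password, and the PBKDF2 parameters are assumptions; `yourname.pagekite.me` is the placeholder used in the message.

```python
import base64
import hashlib
import hmac

# Constructed sample data: one user, password stored as a salted PBKDF2 hash.
SALT = b"constructed-salt"
ITERATIONS = 100_000
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, ITERATIONS)}
# Placeholder name from the message; revealed only after successful login.
SERVICE_URL = "https://yourname.pagekite.me/"
# Compared against for unknown users so timing does not reveal valid names.
DUMMY_HASH = hashlib.pbkdf2_hmac("sha256", b"", SALT, ITERATIONS)


def parse_basic_auth(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def check_credentials(user, password):
    """Derive and compare in constant time; unknown users take the same path."""
    expected = USERS.get(user, DUMMY_HASH)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, ITERATIONS)
    return hmac.compare_digest(derived, expected) and user in USERS


def gatekeeper_response(authorization_header):
    """Decide the entry point's HTTP response as (status, headers).

    The PageKite URL appears only in the 302 sent to an authenticated
    client; every other request gets a 401 that names no endpoint.
    """
    creds = parse_basic_auth(authorization_header)
    if creds and check_credentials(*creds):
        return 302, {"Location": SERVICE_URL, "Cache-Control": "no-store"}
    return 401, {"WWW-Authenticate": 'Basic realm="gatekeeper"'}
```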
