On 11/22/2015 07:04 PM, Bjarni Runar Einarsson wrote:
[...]
> I touched on most of the concerns and potential solutions in my
> last mail - I think the best "design" for this, would be to
> decouple the DNS part of the service from the relays. So the
> ecosystem would look something like this:
>
> 1) Volunteers run relays according to a community code of
>    conduct.
> 2) One or more orgs keeps a registry of existing relays,
>    tests them for compliance with community standards (e.g. make
>    sure clear-text HTTP is unavailable).
> 3) Organizations sell or give away domain names; included in
>    this service is a dynamic DNS and DNS-based PageKite
>    authentication (so a relay can validate a tunnel request).
>
> Roles 2) and 3) could be merged; their technical requirements are
> quite similar, both will need a dynamic DNS service and user
> database of some sort. This is a technically sophisticated role
> and handling abuse etc. happens here, so these are organizations
> rather than individuals.
>
> For security reasons (as discussed in my last post), role 1)
> should be separate. This is where even small players can
> contribute to the network.

Some more points we could consider:

- HSTS headers in HTTP will partially help. The browser will not go
  back to using HTTP after a proper first connection is made.

- Mozilla has been encouraging certification authorities to publish
  a list of all SSL certificates they have ever issued. This list is
  likely to be available in Let's Encrypt and also slowly available
  from other CAs.

- Multiple solutions to the problem: Dynamic DNS, PageKite and Tor
  Hidden Service (with possibly Tor2Web) should be combined to make
  the experience for the user smooth and to get the apt solution.

- FreedomBox has a social aspect with federated social networking
  coming soon. We are discussing the possibility of taking backups
  on buddies' machines etc. Spamming and abuse can be handled by
  perhaps explicitly authorizing relay of traffic from friends list.

-- 
Sunil

_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
