We already had a lot of mails here, so just my 5 cents ...
> This is the idea that I've been thinking on.
> It should be possible for a GNUnet node operator to hide the fact that
> his machine runs a GNUnet node.
>
> Ways to achieve this:
>
> 1) Fake HELLO messages.

So if I receive your HELLO, I have to test all addresses until I figure out which addresses are working? Why should that be harder for a malicious guy than for a benign user? Both try to establish as many connections as possible ... so both have to test all the addresses?

If I have 1 working address and include 9 faked addresses generated randomly:

a) 9 out of 10 do not work, one is working -> got you!
b) malicious guy can "accidentally" connect to faked address -> you sent yourself and someone else to Siberia

So in the end: I do not see any benefit here...

>
> 2) Transport disguise.

That's an arms race you cannot win ... we are operating in the open, anyone can download our software and even read our discussions, on the other hand we do not even have a clue who the malicious guys are and how powerful they are.

In the end:

- I agree to add a "Do not gossip" flag to HELLOs but only for efficiency reasons.
- I agree to improve HTTPS server validation behaviour to prevent MITM attacks.

I'll file bugs for it...

--
Dipl.-Inf. Matthias Wachs
Free Secure Network Systems Group
Technische Universitaet Muenchen
Chair for Network Architectures and Services
Institute for Informatics / I8                Tel: +49 89 289 18037
Boltzmannstr. 3 / Room 03.05.042              Fax: +49 89 289 18033
D-85748 Garching b. Muenchen, Germany
Email: wa...@net.in.tum.de

_______________________________________________
GNUnet-developers mailing list
GNUnet-developers@gnu.org
https://lists.gnu.org/mailman/listinfo/gnunet-developers