01:26 <@nop> user A connects through ---> to end node, connects to networkid, authenticates, and then will be doing a separate random key exchange that will disappear after communication is finished
01:26 <@nop> and is after networkid authentication
01:26 <@nop> plus enhanced with the Rolling Key Algorithm we use
01:26 <@nop> and the way we Xor every 8 bytes of data
01:27 <@codeshark> well, you could still do a mitm
01:27 <@nop> no
01:27 <@codeshark> why not?
01:27 <@nop> because
01:27 <@codeshark> if you have the network key
01:27 <@nop> it's done after the networkid
01:27 <@nop> this is a situation against the log and raid server attack
01:27 <@nop> not a live attack
01:27 <@codeshark> ok
01:27 <@mids> will this cause more load on the serverside IIP relay?
01:27 <@nop> most likely not after they are connected
01:27 <@nop> you might note a spike on exchange
01:27 <@nop> but that happens anyway
01:27 <@nop> and a little more time connecting
01:27 <@nop> also
01:28 < Banks> the one-time key will be securely wiped after use?
01:28 <@nop> networkid will be changed for safety reasons
01:28 <@nop> and become 2048 bit
01:28 <@nop> and made optionally in the software to support a 4096 bit networkid key
01:28 <@mids> how well does it scale?
01:28 <@nop> yes Banks it will
01:28 <@mids> we had big trouble on the old server, when everybody connected at once
01:28 < Neo> (log and raid server attack == log all cipher traffic, then raid for the key, then replay the traffic and decrypt the data)
01:28 <@nop> correct
01:28 <@mids> thanks nop
01:29 <@mids> s/nop/Neo/
01:29 <@nop> the already used ciphers assist quite well for most attacks, the windows are small because of RKA and fake traffic forcing the rolling of keys
01:29 <@nop> but if a user is being monitored
01:29 <@nop> they are at risk until we decentralize completely
01:29 <@nop> so for this reason
01:30 <@nop> we are implementing rc2 as a mandatory security upgrade
01:30 < Banks> cool
01:30 <@nop> and will not be compatible with the previous version
01:30 <@nop> and
01:30 <@nop> one more comment on security
01:30 <@nop> we need to make an etiquette doc on how to think securely and anonymously
01:30 <@nop> especially in public channels
01:30 <@nop> as well
01:30 <@mids> offtopic :)
01:30 <@nop> as just putting iip links to lots of websites
01:31 <@nop> it's part of the security of IIP
01:31 <@nop> which I believe is rc2
01:31 <@nop> ;)
01:31 < Banks> heh
01:31 <@nop> just linking IIP could lead to bad compromised software
01:31 <@nop> even with md5's
01:31 <@nop> we need to make sure that the servers that mirror it
01:31 <@nop> are secure
01:31 <@nop> etc
01:31 <@nop> anyway
01:32 <@nop> off topic
01:32 <@nop> so we'll discuss that next meeting
01:32 <@nop> anyway
01:32 <@nop> scalability
01:32 <@nop> IIP doesn't scale at all really because of its centralized (temporary) design
01:32 <@nop> but DH key exchange will not affect the scaling
01:32 <@nop> we are planning for the future
01:32 <@nop> and bigger prime numbers are essential as we go against faster and faster computers out there
01:33 <@mids> well I remember terrible loads when everybody connects at once, right?
01:33 <@nop> not anymore
01:33 <@nop> this was fixed recently
01:33 <@nop> on the back end
01:33 <@nop> I get a spike of 32% now with that issue
01:33 <@nop> not 99%
01:33 <@mids> nice
01:33 <@mids> why put this mandatory thing in RC2 (which was feature frozen imho) and not in 1.2 ?
01:34 <@nop> because it will be waiting too long
01:34 <@nop> no offense to the US gov't
01:34 <@nop> but they have been issuing laws faster than we code
01:34 <@nop> particularly to wiretapping
01:34 <@nop> deniability is a key issue here
01:34 < Banks> indeed
01:34 <@mids> k
01:34 <@nop> especially for the server
01:34 <@mids> good point then
01:35 <@mids> do we need version numbering in the node.ref? (like freenet has)
01:35 <@nop> hence the need to fix some issues and advance in our need for privacy and security
01:35 <@nop> it's an ongoing battle
01:35 <@nop> but it's worth it
01:35 <@nop> well
01:35 <@nop> versioning might be an optional feature
01:35 <@nop> sounds like it will turn out important soon
01:36 <@nop> so it's in consideration
01:36 <@nop> will let you know next week
01:36 <@nop> ok
01:36 <@nop> I'm done
01:36 <@mids> k
01:36 <@nop> .
01:36 <@nop> any questions
01:36 <@mids> .
01:36 < Neo> Yeah.
01:37 < Neo> The fake traffic option.
01:37 < Neo> Wouldn't it be a good idea to have this turned on by default?
01:37 <@nop> it is
01:37 < Neo> good.
01:37 < Neo> thanks.
01:37 <@nop> it's been on since encryption came out to IIP
01:37 <@mids> fake traffic, what is the length again?
01:37 <@nop> it varies
01:38 <@nop> its max is 50 bytes
01:38 <@mids> between fixed values isn't it?
01:38 <@nop> about the size of simulated chat messages
01:38 <@mids> can't you let it vary based on normal chat?
01:38 <@nop> it is as close as we can get at this time
01:38 <@nop> AI comes later
01:38 <@nop> ;)
01:38 <@mids> heh
01:39 < Banks> what do you mean mids?
01:39 <@nop> we plan to do that with iip 2
01:39 <@nop> that will have more available techniques
01:39 <@mids> Banks: well, maybe 50 maximum is too short
01:39 <@mids> Banks: topics are much longer for example
01:39 < Banks> I see. Is it random text?
01:39 <@mids> Banks: and that might give away something
01:39 <@nop> yes
01:39 <@nop> I believe the values can be altered fairly easily
01:39 <@nop> ;)
01:40 < Banks> :)
01:40 <@mids> k
01:40 <@nop> any more questions
01:40 <@mids> feature request for 1.2:
01:40 <@nop> oh
01:40 <@nop> feature requests need to be posted on sourceforge
01:40 <@mids> keep record of average and SD of the length of lines
01:40 <@mids> yes, I know
01:41 <@nop> SD?
01:41 <@mids> standard deviation
01:41 <@nop> why?
01:41 <@mids> to be able to fake messages within the used scale
01:41 < Banks> mids: you mean per user or for all users?
01:42 <@mids> Banks: all users is safest
01:42 <@mids> hm, but harder
01:42 <@nop> well
01:42 <@mids> hm
01:42 <@nop> a nice goal
01:42 <@nop> would be this
01:42 <@nop> iip node takes data traffic
01:42 <@nop> analyzes it
01:42 <@nop> and scrambles it
01:42 <@nop> and uses it for its seed of random spurting data
01:43 <@nop> that would give a bit of form of ai
01:43 <@mids> k
01:43 < Banks> might be better to get the random data from somewhere else. I mean, that's the data we're trying to keep secret :)
01:43 <@nop> what I mean
01:43 <@nop> not direct data
01:43 <@nop> but size of data info
01:44 <@nop> and
01:44 <@nop> spurt ratio of normal data
01:44 <@nop> so that it mimics
01:44 <@nop> actual data
01:44 < Banks> I see
01:44 <@nop> is randomized using yarrow
01:44 < Banks> Do you guys get notified of bugs added at sourceforge?
01:44 <@nop> I check daily
01:45 <@mids> and subscribers are emailed
01:45 < Banks> ok, just wanted to point out that node/relay settings bug if you hadn't seen it
01:45 <@nop> which one
01:45 < Banks> cool
01:45 <@mids> the one that you didn't see :)
01:45 < Banks> [ 563246 ] node/relay type settings cancellation
01:46 <@nop> ahh
01:46 <@nop> yes
01:47 <@mids> Banks: thanks for pointing out
01:47 <@mids> who does the windows code?
01:47 <@nop> that's not really a bug
01:47 < Banks> yeah, but it's not really a feature either :)
02:12 < Zwolly> channel Annemiek just for the fun and in dutch (or english)
02:12 * keimennA is away [Slapen/sleeping] [1h22m52s]
02:13 < k> glad I got to know that..
02:13 < Banks> #scientology is a classic example of the kind of channels which IIP is ideally suited to
02:13 < Banks> (it's not mine though :) )
02:13 < k> lol
02:14 < Neo> #distributedcity - Sovereign Individuals
02:14 <@mids> #test - for all your testing
02:15 <@nop> #vegetarian for vegetarian (joke)
02:15 < Banks> #hacktivismo isn't up today
02:15 < Banks> Heh
02:16 <@mids> okay, any questions? (IIP related)
02:18 < Banks> Any way to improve fserve speed in the short-term? We could get a bigger user-base then.
02:18 <@nop> umm
02:18 <@nop> not without having flooding problems
02:18 <@codeshark> filesharing in iip is not a very good idea
02:19 <@codeshark> it's very inefficient
02:19 <@nop> wait till decentralized
02:19 <@codeshark> because of base64 encoding and additional irc headers
02:19 <@codeshark> ...
02:19 <@nop> then we'll make sure it's possible
02:19 < Banks> I think it's a priority for a lot of people though. I was just wondering if there was any way to improve it somewhat before decentralization. Ok.
02:20 <@nop> freenet gets its act together
02:20 <@nop> and you can write an irc plugin
02:20 <@nop> :)
02:20 <@codeshark> yeah, integration with freenet or something like it would be great
02:20 <@mids> help freenet testing by running a watchme node
02:20 <@codeshark> watchme node?
02:20 <@mids> if they get that thing working again, freenet will be very useful