forked from I2P_Developers/i2p.www
c3ns0rsh1p
@@ -11,7 +11,6 @@
|
||||
<p>13:04 * jrandom waves</p>
|
||||
<p>13:04 < cervantes> 'lo</p>
|
||||
<p>13:04 < jrandom> you too can listen to the sound of crypto talk flying past your ears! weekly status note posted @ http://dev.i2p.net/pipermail/i2p/2005-January/000559.html</p>
|
||||
<p>13:04 -!- dox [me@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:05 < bla> hi</p>
|
||||
<p>13:05 < jrandom> jumping on in, since we're cutting into an interesting discussion anyway... 1) net status</p>
|
||||
<p>13:05 < jrandom> i dont really have anything to add beyond whats in the mail - anyone have anything they want to bring up wrt the net status?</p>
|
||||
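Review bot: The commit message "c3ns0rsh1p" does not say what is filtered or why, and in this hunk the header (7 lines down to 6) leaves only one candidate for the dropped line, the 13:04 "-!- dox [me@free.duck.i2p] has joined #i2p" notice. Please state the rule in the message, for example "strip IRC join/quit/mode notices from the meeting log", and say whether the aim is readability or removing the user@host masks those notices carry, so the same filter can be applied consistently to the other meeting logs.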
@@ -28,13 +27,10 @@
|
||||
<p>13:09 < jrandom> ok ok, there's a lot of 0.5 stuff, so we can take it in pieces</p>
|
||||
<p>13:09 < jrandom> first up, thanks to the folks who gathered a days worth of stats - lots of interesting data @ http://dev.i2p.net/~jrandom/messageSizes/</p>
|
||||
<p>13:09 < postman> it was a pleasure :)</p>
|
||||
<p>13:10 -!- lucky [lucky@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:10 < cervantes> wrt net status...seen quite a few people having troubles getting I2P up and running lately (on the forums etc) - I don't know if that's just down to increase user volume or perhaps more i2p based apps for things to go wrong with</p>
|
||||
<p>13:10 -!- mule2p [anon@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:10 <+protokol> jrandom: LIAR! you said the data was interesting!</p>
|
||||
<p>13:10 * jrandom flings mud at protokol </p>
|
||||
<p>13:11 < ant> <duck> cervantes: I have also seen reports of ppl able to get it up and running within a couple of minutes</p>
|
||||
<p>13:11 -!- lucky [lucky@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:11 < ant> <duck> I think that NAT is causing most problems</p>
|
||||
<p>13:11 < cervantes> duck: true...</p>
|
||||
<p>13:11 < ant> <dmdm> who is NAT?</p>
|
||||
@@ -43,7 +39,6 @@
|
||||
<p>13:12 < cervantes> *cough* so... 0.5</p>
|
||||
<p>13:13 < Xan> dmdm: network address translation</p>
|
||||
<p>13:13 < jrandom> heh, ok. basically the drive with those message size stats is to explore the padding issues </p>
|
||||
<p>13:13 -!- wern__ [wilde@irc.metropipe.net] has quit [Quit: Lämnar]</p>
|
||||
<p>13:14 < jrandom> unfortunately, the strategy i built by cherry picking numbers sucked, giving a 25% overhead just with padding data</p>
|
||||
<p>13:14 < jrandom> if we go with one of the proposals for the 0.5 encryption (tunnels-alt.html), we won't have that issue</p>
|
||||
<p>13:15 < jrandom> (since it'll force small fixes sizes with fragmentation)</p>
|
||||
@@ -57,8 +52,6 @@
|
||||
<p>13:17 < Teal`c> sorry</p>
|
||||
<p>13:17 < cervantes> :) for david hasselhoff?</p>
|
||||
<p>13:18 < jrandom> depends upon what level of analysis duck. if they've somehow tracked down what tunnel they're in (e.g. they're the inbound tunnel gateway and have harvested the netDb, correlatign that with a destination), thats nontrivial data. otoh its not a direct exposure, but does give some info</p>
|
||||
<p>13:18 -!- polecat [polecat@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:18 -!- mode/#i2p [+v polecat] by ChanServ</p>
|
||||
<p>13:18 < jrandom> even more than the tunnel padding though is end to end padding, hiding message flow data from gateways and endpoints.</p>
|
||||
<p>13:19 < jrandom> if we're crazy/stupid, we could go all the way to a pipenet, using constant bitrate everywhere</p>
|
||||
<p>13:19 <+polecat> I got it!</p>
|
||||
@@ -92,22 +85,18 @@
|
||||
<p>13:25 < jrandom> the plan is standard AES256/CBC</p>
|
||||
<p>13:25 <+protokol> i hear dns is good for tunneling stuff, most people dont block it</p>
|
||||
<p>13:25 < jrandom> certainly bla, though its not quite that direct (for exploratory tunnels it is, but not for client tunnels)</p>
|
||||
<p>13:26 -!- frosk [frosk@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:26 <+polecat> And if somehow even AES gets cracked, some equivalent symmetric cipher.</p>
|
||||
<p>13:27 < jrandom> bla: i dont think its large enough of a practical worry for most cases in that degree, but when you mount it as part of a predecessor attack, the issue is largely moot</p>
|
||||
<p>13:28 < jrandom> (because of the way we do the rest of the tunnel routing)</p>
|
||||
<p>13:28 < bla> jrandom: k</p>
|
||||
<p>13:28 < jrandom> right polecat </p>
|
||||
<p>13:28 -!- frosk [frosk@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:29 < jrandom> duck: if we go w/ the second option, changing to another later will likely be easy. </p>
|
||||
<p>13:29 < jrandom> otoh, the second option will require some hefty performance tuning to Not Suck</p>
|
||||
<p>13:29 < jrandom> but i'm sure we can pull it off</p>
|
||||
<p>13:30 -!- TelRip [Nope@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:31 < jrandom> anyway, I think the above covers where we are right now wrt 0.5 work</p>
|
||||
<p>13:31 < jrandom> does anyone have any more questions/comments/concerns?</p>
|
||||
<p>13:31 < bla> jrandom: One</p>
|
||||
<p>13:32 < bla> jrandom: I think we should values anon. slightly more than performance atm: so yes, the PRNG options sounds good</p>
|
||||
<p>13:32 -!- kaji [kaji@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:33 < jrandom> agreed. performance can be tuned later, "adding in" better anonymity however, is much harder</p>
|
||||
<p>13:33 < jrandom> (but, of course, performance /is/ a security parameter. if it Sucks, no one uses it)</p>
|
||||
<p>13:33 < bla> Yes.</p>
|
||||
@@ -121,7 +110,6 @@
|
||||
<p>13:34 < cervantes> :)</p>
|
||||
<p>13:35 < jrandom> i do think that we can pull off some really cool optimizations, and it seems a lot of our choke is not related to the peer selection, but merely (heh) bugs in the jobqueue</p>
|
||||
<p>13:36 < jrandom> but, anyway, anything else for 2) 0.5?</p>
|
||||
<p>13:36 -!- TelRip [Nope@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:36 < ant> <BS314159> could you post an explanation for this loop attack?</p>
|
||||
<p>13:37 < ant> <BS314159> it sounds more dangerous than your treatment implies it is</p>
|
||||
<p>13:37 < jrandom> loop: build a tunnel containing A-->B-->C-->D-->C, send in 10 messages.</p>
|
||||
@@ -138,51 +126,26 @@
|
||||
<p>13:40 < ant> <BS314159> comprendo</p>
|
||||
<p>13:40 <+protokol> and hashcash certs will help this?</p>
|
||||
<p>13:40 < jrandom> protokol: hashcash addresses the issue of a peer building too many tunnels, and perhaps building too many hops</p>
|
||||
<p>13:40 -!- Sonnax [Sonax@free.duck.i2p] has quit [Quit: Leaving]</p>
|
||||
<p>13:41 -!- TelRip [Nope@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:41 < jrandom> protokol: it doesnt help with loops. the two ways i could find that /did/ were the PRNGs (tunnel-alt.html) or verifying at each step (tunnel.html)</p>
|
||||
<p>13:42 < jrandom> verifying at each step has dangers, so the current leaning is towards the PRNGs</p>
|
||||
<p>13:42 <+Ragnarok> how effective will the prng method be?</p>
|
||||
<p>13:42 < Xan> A-->B-->C-->D-->C - shouldnt each hop get a different id or something, so that messages leave the tunnel the second time they reach C rather than looping?</p>
|
||||
<p>13:42 -!- polecat [polecat@free.duck.i2p] has quit [Quit: DOOK]</p>
|
||||
<p>13:42 -!- Nightblade [incognito@irc.metropipe.net] has quit [Quit: ircII EPIC4-2.0 -- Are we there yet?]</p>
|
||||
<p>13:43 < jrandom> Xan: they do, but without verifying each step, you can't tell whether its bad or not</p>
|
||||
<p>13:44 < jrandom> Ragnarok: i think it'll be very effective at minimizing the damage done</p>
|
||||
<p>13:45 -!- PieSpy [piespy@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:45 < jrandom> at least, from what I can see so far</p>
|
||||
<p>13:45 -!- Frooze [Frooze@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:45 -!- dox [me@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:45 < jrandom> if anyone sees any problems/issues with it, or suggestions for improvement, please get in touch :)</p>
|
||||
<p>13:46 < Xan> or maybe Im missing the point</p>
|
||||
<p>13:46 < Xan> bbl</p>
|
||||
<p>13:46 -!- jdot [jdot@free.baffled.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:46 -!- dust [dust@free.baffled.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:46 -!- Delta [Blow@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:46 -!- Quadn [Disposable@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:46 -!- Quadn [Disposable@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>13:46 -!- Frooze [Frooze@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:46 -!- mode/#i2p [+v Quadn] by ChanServ</p>
|
||||
<p>13:46 -!- PieSpy [piespy@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:46 < jrandom> 'k l8r, i'll update the doc to be more clear </p>
|
||||
<p>13:47 -!- Irssi: #i2p: Total of 39 nicks [2 ops, 0 halfops, 8 voices, 29 normal]</p>
|
||||
<p>13:47 < jrandom> ok, unless there's something else, shall we move on to 3) i2pmail.v2?</p>
|
||||
<p>13:47 -!- detonate [d@free.duck.i2p] has quit [Connection reset by peer]</p>
|
||||
<p>13:47 < jrandom> postman: you 'round?</p>
|
||||
<p>13:47 -!- mule2p [anon@free.duck.i2p] has quit [Connection reset by peer]</p>
|
||||
<p>13:47 -!- kaji [kaji@free.duck.i2p] has quit [Connection reset by peer]</p>
|
||||
<p>13:47 -!- Ch0Hag [mking@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:48 -!- dox [me@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:48 < postman> yes</p>
|
||||
<p>13:48 -!- Delta [Blow@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:49 -!- kaji [kaji@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:49 < postman> :)</p>
|
||||
<p>13:49 < jrandom> anything to add from your post on the forum? it sounds pretty cool</p>
|
||||
<p>13:49 < postman> well, a few of you might have read the draft for i2pmail.v2 already</p>
|
||||
<p>13:50 < bla> wtf is happening? Massive disconnects. I've got trouble reaching sites (say orion, library) here too</p>
|
||||
<p>13:50 < postman> it aims towards a fully decentralized mail infrastructure in the future</p>
|
||||
<p>13:50 -!- mule3p [anon@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>13:50 < postman> but is in need of proxysoftware on the nodes as well as a bunch of dedicated relays</p>
|
||||
<p>13:50 -!- Xan [jonny9@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:51 < postman> all are invited to contribute ideas / concepts / rants</p>
|
||||
<p>13:51 < postman> development already has started - dont expect anything before late spring :)</p>
|
||||
<p>13:51 < jrandom> w00t</p>
|
||||
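Review bot: Removing the burst of "Ping timeout" and "Connection reset by peer" notices between 13:45 and 13:50 leaves bla's kept 13:50 line, "wtf is happening? Massive disconnects.", with nothing in the log for it to refer to. The header (51 lines down to 26) matches the 25 "-!-" lines in this hunk, so the whole burst goes. Consider keeping one editorial line around 13:45 saying that many clients timed out and rejoined, since that outage is what the participants are reacting to and it is part of the meeting record.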
@@ -193,15 +156,11 @@
|
||||
<p>13:52 < cervantes> hide the blackjack table!</p>
|
||||
<p>13:52 < jrandom> wikked, thanks postman </p>
|
||||
<p>13:52 < kaji> they said i dialed 911, but im quite sure neither i nor my brother did</p>
|
||||
<p>13:52 -!- PieSpy [piespy@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>13:53 <+protokol> kaji: they're just checking up on i2p</p>
|
||||
<p>13:53 < jrandom> ok, unless there's anytihng else on 3) i2pmail, lets move over to 4) azneti2p_0.2</p>
|
||||
<p>13:53 <+protokol> <creepy music></p>
|
||||
<p>13:53 < jrandom> as mentioned in the email, there's been some important progress lately</p>
|
||||
<p>13:53 < kaji> then they said cordless phones can freak out when off the hook, but all my cordless phones are on their charger -> #i2p-chat</p>
|
||||
<p>13:53 -!- Ch0Hag [mking@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:54 -!- mode/#i2p [+v Ch0Hag] by ChanServ</p>
|
||||
<p>13:54 -!- PieSpy [piespy@free.duck.i2p] has joined #i2p</p>
|
||||
<p>13:55 < jrandom> the azureus folks have been very responsive in getting an update ready (yay!), but people should also be on the lookout for problems</p>
|
||||
<p>13:55 < jrandom> (if you don't read the i2p mailing list and use azneti2p, read the i2p mailing list)</p>
|
||||
<p>13:55 < jrandom> ((or even if yuo dont use azneti2p, read the list, as thats where we announce important things ;)</p>
|
||||
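Review bot: The kept 13:53 line "<+protokol> <creepy music>" sits inside a <p> with its angle brackets as shown here; if the file stores them literally rather than as &lt; and &gt;, a browser parses "<creepy music>" as an unknown tag and the text disappears from the rendered log. This is outside what the hunk removes, so a follow-up that escapes the message text in these <p> lines would be fine, but it is worth fixing while the file is being cleaned up.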
@@ -222,25 +181,21 @@
|
||||
<p>14:01 < jrandom> postman: correct, and will be changed</p>
|
||||
<p>14:02 < jrandom> (right Ragnarok? :)</p>
|
||||
<p>14:02 <+Ragnarok> depends on exactly what postman means...</p>
|
||||
<p>14:03 -!- Xan [jonny9@free.duck.i2p] has joined #i2p</p>
|
||||
<p>14:03 < jrandom> Ragnarok: new entries added by the local user to their own private hosts shouldn't be propogated to the hosts published</p>
|
||||
<p>14:03 < jrandom> (e.g. userhosts.txt is private, hosts.txt is synchronized with other people and is public)</p>
|
||||
<p>14:03 < cervantes> As part of a semi regular slot on the forum, there will be recognition and awards for those that have contributed good things to I2P either recently or over the project's lifetime</p>
|
||||
<p>14:03 < postman> Ragnarok: after updating to 0.4.2.6 i found entries from my userhosts.txt in the published addressbook in my eepsite folder</p>
|
||||
<p>14:03 < ant> <BS314159> hmm</p>
|
||||
<p>14:04 -!- Delta [Blow@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>14:04 < postman> Ragnarok: those have been manually added keys, which haven't been supposed to be published</p>
|
||||
<p>14:04 < cervantes> this week we recognise duck for general excellence as a service provider for the community and as an all round great idler: http://forum.i2p/viewtopic.php?t=275</p>
|
||||
<p>14:04 < jrandom> w00t!</p>
|
||||
<p>14:04 < jrandom> (go duck go, go duck go)</p>
|
||||
<p>14:05 -!- BrockSamson [brocksamso@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>14:05 < Teal`c> what about domain name hijacking ?</p>
|
||||
<p>14:05 * brachtus applauds</p>
|
||||
<p>14:05 * orion does a duck waddle as a sign of respect.</p>
|
||||
<p>14:05 < cervantes> one important point for the future...you don't have to be a cryptographic genius to get praise!</p>
|
||||
<p>14:06 <+Ragnarok> no, that's expected behaviour. I can change it, but first I'll have to finish implementing file locking so you can change hosts.txt directly</p>
|
||||
<p>14:06 < orion> (but it helps)</p>
|
||||
<p>14:06 -!- Delta [Blow@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>14:06 < cervantes> you might just have contributed a cracking eepsite or something...</p>
|
||||
<p>14:06 < cervantes> or been a helpful bod on the forum etc</p>
|
||||
<p>14:07 < ant> <BS314159> hmm</p>
|
||||
@@ -249,7 +204,6 @@
|
||||
<p>14:07 < ant> <BS314159> could you just make a new file, "publichosts.txt"?</p>
|
||||
<p>14:07 < ant> <BS314159> then have addressbook ignore userhosts.txt, but allowed users to subscribe to their own publichosts.txt?</p>
|
||||
<p>14:08 < jrandom> Teal`c: there is no way to hijack a domain name, no entries are overwritten, and userhosts always overrides hosts</p>
|
||||
<p>14:08 -!- dust [dust@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>14:09 < jrandom> Ragnarok: perhaps the web interface can address the locking issue, since users won't be adding to the files manually</p>
|
||||
<p>14:09 <+Ragnarok> once the locking is done, there's no real reason to pull in addresses from userhosts.txt anymore (it's currently the only way to dodge a race), so there's no real point in adding a third file</p>
|
||||
<p>14:10 <+Ragnarok> jrandom: well, I was planning on using the java file locking api</p>
|
||||
@@ -260,8 +214,6 @@
|
||||
<p>14:11 < orion> metadata will solve this problem. Is a spec drafted yet?</p>
|
||||
<p>14:11 < jrandom> using just two files should be fine - one managed by the addressbook, one not</p>
|
||||
<p>14:12 < jrandom> (you could even have the addressbook ignore userhosts.txt entirely - userhosts.txt overrides hosts.txt anyway)</p>
|
||||
<p>14:12 -!- sleon|lap [sleon@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>14:12 -!- sleon_ [sleon@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>14:12 <+Ragnarok> jrandom: that would be the plan, once locking is done (which really shouldn't be too much work, I just haven't gotten around to it :)</p>
|
||||
<p>14:13 <+Ragnarok> and I'm currently working on learning enough xml schema to write one for the namerecords</p>
|
||||
<p>14:13 < ant> <dr_kavra> is this the channel for kenosis? another channel told me to come here :D</p>
|
||||
@@ -281,9 +233,7 @@
|
||||
<p>14:16 < jrandom> (by default, ./eepsite/docroot/hosts.txt)</p>
|
||||
<p>14:17 < orion> is missing a public/private (i.e. distribute, don't) flag.</p>
|
||||
<p>14:17 < ant> <cervantes> the only good thing about XML (and this is a large + point) is that it's a widely accepted standard</p>
|
||||
<p>14:17 -!- bla [bla@free.duck.i2p] has quit [Quit: leaving]</p>
|
||||
<p>14:17 < jrandom> right orion, lots of good ideas have come up since that post</p>
|
||||
<p>14:17 -!- Frooze [Frooze@free.duck.i2p] has quit [Ping timeout]</p>
|
||||
<p>14:17 <+Ragnarok> xml may suck, but frankly, it better than any of the alternatives for what I'm doing</p>
|
||||
<p>14:17 < jrandom> cervantes: so is EDI</p>
|
||||
<p>14:17 < orion> is there a place to condense them? i.e. forum area?</p>
|
||||
@@ -294,7 +244,6 @@
|
||||
<p>14:19 < jrandom> wikked orion </p>
|
||||
<p>14:19 < jrandom> BrockSamson: smime, with different parsers ;)</p>
|
||||
<p>14:19 < orion> (also one for name metadata)</p>
|
||||
<p>14:19 -!- Frooze [Frooze@free.baffled.i2p] has joined #i2p</p>
|
||||
<p>14:21 < jrandom> there are lots of ways to do the metadata, the important thing is flexibility and 'correctness' so that it can grow or change over time</p>
|
||||
<p>14:21 * jrandom is sure Ragnarok et al will come up with some good stuff :)</p>
|
||||
<p>14:21 < orion> thats why I think a public draft is in order.</p>
|
||||
|