From 65575561ae231f879af6baed679b35e833942249 Mon Sep 17 00:00:00 2001 From: jrandom Date: Wed, 19 Jan 2005 03:42:19 +0000 Subject: [PATCH] c3ns0rsh1p --- pages/meeting125.html | 51 ------------------------------------------- 1 file changed, 51 deletions(-) diff --git a/pages/meeting125.html b/pages/meeting125.html index c020278c..f83f861b 100644 --- a/pages/meeting125.html +++ b/pages/meeting125.html @@ -11,7 +11,6 @@

13:04 * jrandom waves

13:04 < cervantes> 'lo

13:04 < jrandom> you too can listen to the sound of crypto talk flying past your ears! weekly status note posted @ http://dev.i2p.net/pipermail/i2p/2005-January/000559.html

-

13:04 -!- dox [me@free.duck.i2p] has joined #i2p

13:05 < bla> hi

13:05 < jrandom> jumping on in, since we're cutting into an interesting discussion anyway... 1) net status

13:05 < jrandom> i dont really have anything to add beyond whats in the mail - anyone have anything they want to bring up wrt the net status?

@@ -28,13 +27,10 @@

13:09 < jrandom> ok ok, there's a lot of 0.5 stuff, so we can take it in pieces

13:09 < jrandom> first up, thanks to the folks who gathered a days worth of stats - lots of interesting data @ http://dev.i2p.net/~jrandom/messageSizes/

13:09 < postman> it was a pleasure :)

-

13:10 -!- lucky [lucky@free.duck.i2p] has quit [Ping timeout]

13:10 < cervantes> wrt net status...seen quite a few people having troubles getting I2P up and running lately (on the forums etc) - I don't know if that's just down to increase user volume or perhaps more i2p based apps for things to go wrong with

-

13:10 -!- mule2p [anon@free.duck.i2p] has joined #i2p

13:10 <+protokol> jrandom: LIAR! you said the data was interesting!

13:10 * jrandom flings mud at protokol

13:11 < ant> <duck> cervantes: I have also seen reports of ppl able to get it up and running within a couple of minutes

-

13:11 -!- lucky [lucky@free.duck.i2p] has joined #i2p

13:11 < ant> <duck> I think that NAT is causing most problems

13:11 < cervantes> duck: true...

13:11 < ant> <dmdm> who is NAT?

@@ -43,7 +39,6 @@

13:12 < cervantes> *cough* so... 0.5

13:13 < Xan> dmdm: network address translation

13:13 < jrandom> heh, ok. basically the drive with those message size stats is to explore the padding issues

-

13:13 -!- wern__ [wilde@irc.metropipe.net] has quit [Quit: Lämnar]

13:14 < jrandom> unfortunately, the strategy i built by cherry picking numbers sucked, giving a 25% overhead just with padding data

13:14 < jrandom> if we go with one of the proposals for the 0.5 encryption (tunnels-alt.html), we won't have that issue

13:15 < jrandom> (since it'll force small fixes sizes with fragmentation)

@@ -57,8 +52,6 @@

13:17 < Teal`c> sorry

13:17 < cervantes> :) for david hasselhoff?

13:18 < jrandom> depends upon what level of analysis duck. if they've somehow tracked down what tunnel they're in (e.g. they're the inbound tunnel gateway and have harvested the netDb, correlatign that with a destination), thats nontrivial data. otoh its not a direct exposure, but does give some info

-

13:18 -!- polecat [polecat@free.duck.i2p] has joined #i2p

-

13:18 -!- mode/#i2p [+v polecat] by ChanServ

13:18 < jrandom> even more than the tunnel padding though is end to end padding, hiding message flow data from gateways and endpoints.

13:19 < jrandom> if we're crazy/stupid, we could go all the way to a pipenet, using constant bitrate everywhere

13:19 <+polecat> I got it!

@@ -92,22 +85,18 @@

13:25 < jrandom> the plan is standard AES256/CBC

13:25 <+protokol> i hear dns is good for tunneling stuff, most people dont block it

13:25 < jrandom> certainly bla, though its not quite that direct (for exploratory tunnels it is, but not for client tunnels)

-

13:26 -!- frosk [frosk@free.duck.i2p] has quit [Ping timeout]

13:26 <+polecat> And if somehow even AES gets cracked, some equivalent symmetric cipher.

13:27 < jrandom> bla: i dont think its large enough of a practical worry for most cases in that degree, but when you mount it as part of a predecessor attack, the issue is largely moot

13:28 < jrandom> (because of the way we do the rest of the tunnel routing)

13:28 < bla> jrandom: k

13:28 < jrandom> right polecat

-

13:28 -!- frosk [frosk@free.duck.i2p] has joined #i2p

13:29 < jrandom> duck: if we go w/ the second option, changing to another later will likely be easy.

13:29 < jrandom> otoh, the second option will require some hefty performance tuning to Not Suck

13:29 < jrandom> but i'm sure we can pull it off

-

13:30 -!- TelRip [Nope@free.duck.i2p] has quit [Ping timeout]

13:31 < jrandom> anyway, I think the above covers where we are right now wrt 0.5 work

13:31 < jrandom> does anyone have any more questions/comments/concerns?

13:31 < bla> jrandom: One

13:32 < bla> jrandom: I think we should values anon. slightly more than performance atm: so yes, the PRNG options sounds good

-

13:32 -!- kaji [kaji@free.duck.i2p] has joined #i2p

13:33 < jrandom> agreed. performance can be tuned later, "adding in" better anonymity however, is much harder

13:33 < jrandom> (but, of course, performance /is/ a security parameter. if it Sucks, no one uses it)

13:33 < bla> Yes.

@@ -121,7 +110,6 @@

13:34 < cervantes> :)

13:35 < jrandom> i do think that we can pull off some really cool optimizations, and it seems a lot of our choke is not related to the peer selection, but merely (heh) bugs in the jobqueue

13:36 < jrandom> but, anyway, anything else for 2) 0.5?

-

13:36 -!- TelRip [Nope@free.duck.i2p] has joined #i2p

13:36 < ant> <BS314159> could you post an explanation for this loop attack?

13:37 < ant> <BS314159> it sounds more dangerous than your treatment implies it is

13:37 < jrandom> loop: build a tunnel containing A-->B-->C-->D-->C, send in 10 messages.

@@ -138,51 +126,26 @@

13:40 < ant> <BS314159> comprendo

13:40 <+protokol> and hashcash certs will help this?

13:40 < jrandom> protokol: hashcash addresses the issue of a peer building too many tunnels, and perhaps building too many hops

-

13:40 -!- Sonnax [Sonax@free.duck.i2p] has quit [Quit: Leaving]

-

13:41 -!- TelRip [Nope@free.duck.i2p] has quit [Ping timeout]

13:41 < jrandom> protokol: it doesnt help with loops. the two ways i could find that /did/ were the PRNGs (tunnel-alt.html) or verifying at each step (tunnel.html)

13:42 < jrandom> verifying at each step has dangers, so the current leaning is towards the PRNGs

13:42 <+Ragnarok> how effective will the prng method be?

13:42 < Xan> A-->B-->C-->D-->C - shouldnt each hop get a different id or something, so that messages leave the tunnel the second time they reach C rather than looping?

-

13:42 -!- polecat [polecat@free.duck.i2p] has quit [Quit: DOOK]

-

13:42 -!- Nightblade [incognito@irc.metropipe.net] has quit [Quit: ircII EPIC4-2.0 -- Are we there yet?]

13:43 < jrandom> Xan: they do, but without verifying each step, you can't tell whether its bad or not

13:44 < jrandom> Ragnarok: i think it'll be very effective at minimizing the damage done

-

13:45 -!- PieSpy [piespy@free.duck.i2p] has quit [Ping timeout]

13:45 < jrandom> at least, from what I can see so far

-

13:45 -!- Frooze [Frooze@free.duck.i2p] has quit [Ping timeout]

-

13:45 -!- dox [me@free.duck.i2p] has quit [Ping timeout]

13:45 < jrandom> if anyone sees any problems/issues with it, or suggestions for improvement, please get in touch :)

13:46 < Xan> or maybe Im missing the point

13:46 < Xan> bbl

-

13:46 -!- jdot [jdot@free.baffled.i2p] has quit [Ping timeout]

-

13:46 -!- dust [dust@free.baffled.i2p] has quit [Ping timeout]

-

13:46 -!- Delta [Blow@free.duck.i2p] has quit [Ping timeout]

-

13:46 -!- Quadn [Disposable@free.duck.i2p] has quit [Ping timeout]

-

13:46 -!- Quadn [Disposable@free.baffled.i2p] has joined #i2p

-

13:46 -!- Frooze [Frooze@free.duck.i2p] has joined #i2p

-

13:46 -!- mode/#i2p [+v Quadn] by ChanServ

-

13:46 -!- PieSpy [piespy@free.duck.i2p] has joined #i2p

13:46 < jrandom> 'k l8r, i'll update the doc to be more clear

-

13:47 -!- Irssi: #i2p: Total of 39 nicks [2 ops, 0 halfops, 8 voices, 29 normal]

13:47 < jrandom> ok, unless there's something else, shall we move on to 3) i2pmail.v2?

-

13:47 -!- detonate [d@free.duck.i2p] has quit [Connection reset by peer]

13:47 < jrandom> postman: you 'round?

-

13:47 -!- mule2p [anon@free.duck.i2p] has quit [Connection reset by peer]

-

13:47 -!- kaji [kaji@free.duck.i2p] has quit [Connection reset by peer]

-

13:47 -!- Ch0Hag [mking@free.duck.i2p] has quit [Ping timeout]

-

13:48 -!- dox [me@free.duck.i2p] has joined #i2p

13:48 < postman> yes

-

13:48 -!- Delta [Blow@free.duck.i2p] has joined #i2p

-

13:49 -!- kaji [kaji@free.duck.i2p] has joined #i2p

13:49 < postman> :)

13:49 < jrandom> anything to add from your post on the forum? it sounds pretty cool

13:49 < postman> well, a few of you might have read the draft for i2pmail.v2 already

13:50 < bla> wtf is happening? Massive disconnects. I've got trouble reaching sites (say orion, library) here too

13:50 < postman> it aims towards a fully decentralized mail infrastructure in the future

-

13:50 -!- mule3p [anon@free.baffled.i2p] has joined #i2p

13:50 < postman> but is in need of proxysoftware on the nodes as well as a bunch of dedicated relays

-

13:50 -!- Xan [jonny9@free.duck.i2p] has quit [Ping timeout]

13:51 < postman> all are invited to contribute ideas / concepts / rants

13:51 < postman> development already has started - dont expect anything before late spring :)

13:51 < jrandom> w00t

@@ -193,15 +156,11 @@

13:52 < cervantes> hide the blackjack table!

13:52 < jrandom> wikked, thanks postman

13:52 < kaji> they said i dialed 911, but im quite sure neither i nor my brother did

-

13:52 -!- PieSpy [piespy@free.duck.i2p] has quit [Ping timeout]

13:53 <+protokol> kaji: they're just checking up on i2p

13:53 < jrandom> ok, unless there's anytihng else on 3) i2pmail, lets move over to 4) azneti2p_0.2

13:53 <+protokol> <creepy music>

13:53 < jrandom> as mentioned in the email, there's been some important progress lately

13:53 < kaji> then they said cordless phones can freak out when off the hook, but all my cordless phones are on their charger -> #i2p-chat

-

13:53 -!- Ch0Hag [mking@free.duck.i2p] has joined #i2p

-

13:54 -!- mode/#i2p [+v Ch0Hag] by ChanServ

-

13:54 -!- PieSpy [piespy@free.duck.i2p] has joined #i2p

13:55 < jrandom> the azureus folks have been very responsive in getting an update ready (yay!), but people should also be on the lookout for problems

13:55 < jrandom> (if you don't read the i2p mailing list and use azneti2p, read the i2p mailing list)

13:55 < jrandom> ((or even if yuo dont use azneti2p, read the list, as thats where we announce important things ;)

@@ -222,25 +181,21 @@

14:01 < jrandom> postman: correct, and will be changed

14:02 < jrandom> (right Ragnarok? :)

14:02 <+Ragnarok> depends on exactly what postman means...

-

14:03 -!- Xan [jonny9@free.duck.i2p] has joined #i2p

14:03 < jrandom> Ragnarok: new entries added by the local user to their own private hosts shouldn't be propogated to the hosts published

14:03 < jrandom> (e.g. userhosts.txt is private, hosts.txt is synchronized with other people and is public)

14:03 < cervantes> As part of a semi regular slot on the forum, there will be recognition and awards for those that have contributed good things to I2P either recently or over the project's lifetime

14:03 < postman> Ragnarok: after updating to 0.4.2.6 i found entries from my userhosts.txt in the published addressbook in my eepsite folder

14:03 < ant> <BS314159> hmm

-

14:04 -!- Delta [Blow@free.duck.i2p] has quit [Ping timeout]

14:04 < postman> Ragnarok: those have been manually added keys, which haven't been supposed to be published

14:04 < cervantes> this week we recognise duck for general excellence as a service provider for the community and as an all round great idler: http://forum.i2p/viewtopic.php?t=275

14:04 < jrandom> w00t!

14:04 < jrandom> (go duck go, go duck go)

-

14:05 -!- BrockSamson [brocksamso@free.baffled.i2p] has joined #i2p

14:05 < Teal`c> what about domain name hijacking ?

14:05 * brachtus applauds

14:05 * orion does a duck waddle as a sign of respect.

14:05 < cervantes> one important point for the future...you don't have to be a cryptographic genius to get praise!

14:06 <+Ragnarok> no, that's expected behaviour. I can change it, but first I'll have to finish implementing file locking so you can change hosts.txt directly

14:06 < orion> (but it helps)

-

14:06 -!- Delta [Blow@free.baffled.i2p] has joined #i2p

14:06 < cervantes> you might just have contributed a cracking eepsite or something...

14:06 < cervantes> or been a helpful bod on the forum etc

14:07 < ant> <BS314159> hmm

@@ -249,7 +204,6 @@

14:07 < ant> <BS314159> could you just make a new file, "publichosts.txt"?

14:07 < ant> <BS314159> then have addressbook ignore userhosts.txt, but allowed users to subscribe to their own publichosts.txt?

14:08 < jrandom> Teal`c: there is no way to hijack a domain name, no entries are overwritten, and userhosts always overrides hosts

-

14:08 -!- dust [dust@free.baffled.i2p] has joined #i2p

14:09 < jrandom> Ragnarok: perhaps the web interface can address the locking issue, since users won't be adding to the files manually

14:09 <+Ragnarok> once the locking is done, there's no real reason to pull in addresses from userhosts.txt anymore (it's currently the only way to dodge a race), so there's no real point in adding a third file

14:10 <+Ragnarok> jrandom: well, I was planning on using the java file locking api

@@ -260,8 +214,6 @@

14:11 < orion> metadata will solve this problem. Is a spec drafted yet?

14:11 < jrandom> using just two files should be fine - one managed by the addressbook, one not

14:12 < jrandom> (you could even have the addressbook ignore userhosts.txt entirely - userhosts.txt overrides hosts.txt anyway)

-

14:12 -!- sleon|lap [sleon@free.baffled.i2p] has joined #i2p

-

14:12 -!- sleon_ [sleon@free.duck.i2p] has quit [Ping timeout]

14:12 <+Ragnarok> jrandom: that would be the plan, once locking is done (which really shouldn't be too much work, I just haven't gotten around to it :)

14:13 <+Ragnarok> and I'm currently working on learning enough xml schema to write one for the namerecords

14:13 < ant> <dr_kavra> is this the channel for kenosis? another channel told me to come here :D

@@ -281,9 +233,7 @@

14:16 < jrandom> (by default, ./eepsite/docroot/hosts.txt)

14:17 < orion> is missing a public/private (i.e. distribute, don't) flag.

14:17 < ant> <cervantes> the only good thing about XML (and this is a large + point) is that it's a widely accepted standard

-

14:17 -!- bla [bla@free.duck.i2p] has quit [Quit: leaving]

14:17 < jrandom> right orion, lots of good ideas have come up since that post

-

14:17 -!- Frooze [Frooze@free.duck.i2p] has quit [Ping timeout]

14:17 <+Ragnarok> xml may suck, but frankly, it better than any of the alternatives for what I'm doing

14:17 < jrandom> cervantes: so is EDI

14:17 < orion> is there a place to condense them? i.e. forum area?

@@ -294,7 +244,6 @@

14:19 < jrandom> wikked orion

14:19 < jrandom> BrockSamson: smime, with different parsers ;)

14:19 < orion> (also one for name metadata)

-

14:19 -!- Frooze [Frooze@free.baffled.i2p] has joined #i2p

14:21 < jrandom> there are lots of ways to do the metadata, the important thing is flexibility and 'correctness' so that it can grow or change over time

14:21 * jrandom is sure Ragnarok et al will come up with some good stuff :)

14:21 < orion> thats why I think a public draft is in order.