From toad at amphibian.dyndns.org Sat Jul 1 01:04:15 2006
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Sat, 1 Jul 2006 02:04:15 +0100
Subject: [Darknet-tools] Freenet file types
Message-ID: <20060701010415.GA14437@amphibian.dyndns.org>

Freenet should register itself as a handler for two extensions/mime types.

Type 1: Freenet reference, .fnr. Simply a freenet reference.

Type 2: Freenet invite, .fni. Freenet reference plus a cryptographic token that allows the node to connect, and send its own reference back. May also include a few temporary port numbers for the node receiving the invite to send from, in order to get past any NATs. The node which created the invite already knows the IP address of the computer the invite is being sent to, so it will send packets to try to punch on those port numbers on that address. If it receives a response (from any port/IP), with the right cryptographic token, then it will complete - it will accept the reference of the new node.

We may require some sort of out-of-band verification. One option is to verify the pubkey fingerprints in both directions out of band (phone, floppy, printed, etc). Another is to password the process: Alice sends an invite to Bob and decides on a password. Bob installs freenet and gets connected to Alice. Alice tells Bob the password out of band (e.g. telephone, or in person the next day, or through the mail, or whatever), Bob types it in, and Alice and Bob do a challenge/response protocol. This may go both ways if Bob also creates a password and tells Alice it.

Comments?

-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://emu.freenetproject.org/pipermail/darknet-tools/attachments/20060701/fd3aa0ee/attachment.pgp

From toad at amphibian.dyndns.org Sat Jul 1 01:04:26 2006
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Sat, 1 Jul 2006 02:04:26 +0100
Subject: [Darknet-tools] IRC plugins: standards
In-Reply-To: <20060621164146.GB6432@amphibian.dyndns.org>
References: <20060621164146.GB6432@amphibian.dyndns.org>
Message-ID: <20060701010426.GA11951@amphibian.dyndns.org>

Here's the conclusion so far:

The plugin should:
- If somebody dcc's you or /msg's you a node reference (not a URI to a node reference!), it should produce a (modeless) dialog box asking you whether you want to accept the reference. If you do, and if you don't unclick "reply with mine", then it adds the reference, and unless it has recently sent the sender a copy of your noderef, it sends your reference back.
- There is a script, either on a button or a right click menu or some other kind of command, to send a noderef to a user. This will automatically accept any noderef which is returned (bypassing the dialog box).

I don't know how this would work on bitchx :) But it should work well enough for mIRC etc.

The advantage of the above is that it is minimal, and it is entirely compatible with manual reference exchange over IRC.

We would want to install the IRC plugins to any detected IRC clients during the installation of Freenet, and then ask the user to restart the clients if they are currently running.

On Wed, Jun 21, 2006 at 05:41:46PM +0100, Matthew Toseland wrote:
> What exactly should an IRC plugin do? What mechanisms should it use?
> E.g. should it try to use DCC if /msg doesn't work because the user
> isn't registered? Or even a dedicated exchange channel? And can we
> standardize its format so that two different IRC plugins can talk
> to one another transparently?
>
> Note that the plugin ought to be able to usefully talk to a human being
> too!

-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://emu.freenetproject.org/pipermail/darknet-tools/attachments/20060701/458bf9a8/attachment.pgp

From toad at amphibian.dyndns.org Sat Jul 1 01:07:06 2006
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Sat, 1 Jul 2006 02:07:06 +0100
Subject: [Darknet-tools] IRC conversation about IRC plugins etc
Message-ID: <20060701010706.GA11979@amphibian.dyndns.org>

[00:50] --> aum has joined this channel. (n=aum at 60.234.243.247)
[00:50] hi there
[00:50] hi
[00:50] --> FuriousRage has joined this channel. (i=FuriousR at tor/session/direct/x-ffc3db765f8bfc7d)
[00:50] hi both
[00:50] okay
[00:50] hi
[00:50] what needs to happen for an IRC reference exchange plugin to become reality?
[00:51] we need to decide what it should do firstly
[00:51] aum: are you still interested in coding such things?
[00:51] i gotta be honest
[00:51] i'm interested, but i'm focused presently on the freesitemgr gui
[00:51] hehe, here it comes...
[00:51] okay fair enough
[00:51] i've never done xchat plugins
[00:52] but from what i've seen and tried, it's got a great python api
[00:52] yeah
[00:52] i'll still have to ensure that it can create buttons, or context menu entries etc
[00:52] well, what does one of these plugins need to do?
[00:52] the easy one is "exchange with somebody who has the plugin"
[00:52] i'd see it as a context menu entry on the user
[00:52] what happens if you try to exchange with somebody who DOESN'T have the plugin?
[00:52] that's the interesting part
[00:53] so you point at user's name in the list, right-click, and see an entry 'exchange noderef'
[00:53] yep
[00:53] I suppose you are expected to already be chatting with them, yes?
[00:53] I mean privately?
[00:53] click on that, then it should privmsg the other user with human-readable but parseable text
[00:53] so the use scenario:
[00:53] I talk to Joe
[00:53] well, you could right-click on a user in a public chan
[00:53] as well
[00:54] I persuade him to install freenet
[00:54] I then send him my reference with the right click?
[00:54] yes
[00:54] he can't auto-add it; i doubt we can ship the plugin with freenet
[00:54] ok, that's the simplest
[00:55] so i'm not entirely sure how much use it is for individuals who don't have the plugin already ...
[00:55] so is this mostly about bot-to-bot?
[00:55] the scripts can be optional downloads on the site though
[00:55] i could send the ref via privmsg, which the user can copy/paste into fproxy darknet page
[00:55] right
[00:55] you could do that anyway though
[00:55] that's piss-easy
[00:56] what a script could do is notice when there's a freenet reference and offer to add it to your node ...
[00:56] but if the other user has the plugin as well, they could pick it up and telnet it to the node
[00:56] okay, getting the user to install the plugin when they install the node would be very nice
[00:56] and then the plugin could do '/me has added noderef'
[00:56] plugins are in your home directory, they're not a global thing, right?
[00:57] that would be the only sensible thing
[00:57] so we could have the installer scan for .xchat etc and offer to install plugins?
[00:57] there's a ~/.xchat dir
[00:57] you'd have to restart your IRC client though, wouldn't you?
[00:57] i don't know, i'm not familiar enough with xchat plugins
[00:57] mirc can load scripts without restart but the user has to do it manually
[00:58] well, we could have it ask the user to restart their irc client, if it detects that it is running (recent timestamp on logs)?
[00:59] the only issue i see is in nix-land, xchat is only a small percentage of irc userbase, there's bitchx, kvirc, jabber, even telnet
[00:59] afaik xchat can load plugins thru the gui without restart, although it needs user inputs/clicks
[00:59] hang on, here's an idea
[00:59] what about getting one of those open-source java applet irc clients, and just adding the noderef swap there?
[01:00] and if the user doesn't have the plugin, then it simply sends them the noderef, and if anyone privmsg's you a ref, it offers to add it?
[01:00] toad_: can do
[01:01] and automatically sends them a ref, if one hasn't been sent to them
[01:01] if you choose to add it
[01:01] so what we want is
[01:01] if somebody sends you a ref via privmsg
[01:01] then it produces a dialog box asking you if you want to add it
[01:01] that makes sense, yes
[01:01] with a checkbox to not send one in return, if you say yes
[01:01] so that's the recipient end
[01:01] * aum really has to learn the xchat plugin api in depth
[01:02] the sender end is right click and select Exchange Node References, or something similar (needs to be easy to invoke from a private chat)
[01:03] which will simply send a noderef
[01:03] so what you DON'T want to do is Exchange Node References with everyone on the channel :)
[01:03] haha
[01:03] the bot-to-bot ref swap could be done with some "code" so the plugin can identify another bot
[01:03] but it's a nice optimization if they're ready to process it
[01:03] FuriousRage: it hardly needs to
[01:04] so no auto-swap of noderefs with the Chinese Ministry of Information Official then? awwww...
[01:04] FuriousRage: you right click Exchange Node References
[01:04] FuriousRage: that sends a ref to him
[01:04] FuriousRage: his bot recognizes it, asks him if he wants to connect
[01:04] he says yes
[01:04] so it sends a ref back
[01:04] your node recognizes the ref and adds it automatically since you sent the ref in the first place
[01:04] all done, very efficient
[01:04] although a msg popping up in the middle of nowhere can be highly annoying
[01:05] indeed, you shouldn't do it unless you know he WANTS a node reference !
[01:05] we have to go over /msg unfortunately because DCC usually doesn't work
[01:05] well we COULD try dcc and then try cdcc ...
[01:05] or if you're afk and you get node refs it could lock the client up with msg boxes
[01:05] no dcc, it's too vulnerable to firewalls
[01:05] but it does have the advantage that it works with manual ref exchanges too
[01:05] cdcc?
[01:06] FuriousRage: they're modal?
[01:06] why do they have to be modal?
[01:06] toad_: maybe, maybe not, dunno how all clients do their gui's ;>
[01:06] aum: well we could try it; if it does work it's more secure, and it's less like /msg ...
[01:07] well modal dialogs are pretty rare on unix
[01:07] toad_: if it's a msgbox, it locks you up until you answer, else you need to re-invent the wheel a tad
[01:07] although they're more common on windows
[01:07] FuriousRage: well that's not good
[01:08] you want me to write up the strategy to the list, anyway?
[01:08] with mirc you can use a modal msgbox, but that's not good, but you can also make a gui with a lot of code.
[01:08] :|
[01:08] portable code?
[01:08] yeah, just one mirc script ini/mrc
[01:09] okay
[01:09] pure text
[01:09] so it's not catastrophic
[01:09] it's just more work
[01:09] ?
[01:09] ya it's a tad more work to get the gui, although iirc there are one or two programs that can help you make the gui itself by drawing it and it generates the code for the whole gui for you
[01:10] then you just need to add the ref swap code part ;>
[01:11] ok...
[01:11] how dominant is mirc for irc on windows?
[01:11] about IE in comparison afaik
[01:11] ppl seem to think mIRC == irc ;>
[01:12] :|
[01:12] (== irc as in, mirc is something unique, one server chat irc and nothing else exists)
[01:12] tbh, i don't know any other windows irc client right off ;>
[01:13] ok ...
[01:14] will people generally run executables that their friends DCC to them?
[01:14] *NIX world has as many irc clients as there are dists ;>
[01:14] is it useful to provide a means to send somebody an installer?
[01:14] which might include your ref built-in, and automatically send its own back?
[01:14] toad_: most novice computer ppl double click anything
[01:14] well sure but they're idiots and we want to re-educate them... :)
[01:15] toad_: or another idea perhaps, could be that you've got a separate "console" program (perhaps gui for win)
[01:15] that does the actual ref swap
[01:15] generally speaking we won't be able to produce a nice distro servlet site for them because we won't be able to port forward
[01:15] i'm a bit helpless with discussing the specifics while I'm still unfamiliar with the xchat api
[01:15] you send your IP + a port to the user you wanna swap with and start some "server" that talks to each other and adds each other, but that requires the bots know how to talk to each other
[01:16] so it's a matter of get it from freenetproject.org, or get it via DCC/email attachment
[01:16] aum: we're still debating behaviour here
[01:16] FuriousRage: well.. we're not talking about fake-opennet here
[01:16] we're primarily talking about making it really easy to exchange refs with people you know
[01:16] toad_: although ppl finding their own way to freenet will probably hesitate to run any exe even straight off the freenet site
[01:17] FuriousRage: :)
[01:17] FuriousRage: bazillions of people run freenet from slashdot :)
[01:17] i suppose that's a Reputable News Site ...
[01:17] toad_: afaik freenet installer is java, so they can decompile everything and check the code for "bad stuff"
[01:17] many bazillions of people run files they download off the internet via HTTP; even I do, and I know it's completely stupid; nobody provides binaries over SSL!
[01:18] i don't believe any other-day supernovice casual user will find freenet in the first place
[01:18] FuriousRage: lol, yeah, or they could just compile it from source
[01:18] well, anyway, the question is:
[01:18] do we want to send people to freenetproject.org or do we want to send them a customized installer?
[01:18] but having the ref in clear text could be an issue
[01:19] secondly, do we want to send them some sort of invite file which authorizes them to come back, or do we want to just exchange references?
[01:19] invites are possible because we know their IP when we exchange refs...
[01:19] but I'm generally leaning in the direction of reference exchange...
[01:19] FuriousRage: well there's not much we can do about it
[01:19] i don't know if this works in GNU/Linux and equal, but in windows you could associate like .fnt (=freenet ref encrypted file or something); if you run it, a program from freenetproject reads that file and adds the ref, then you only need to send that "text" file
[01:19] FuriousRage: any encryption we do is both detectable and MITMable :<
[01:19] because there's no authentication
[01:20] right
[01:20] we could send a .freenet-ref file over DCC
[01:20] (basically like notepad )
[01:20] of course that requires that DCC works, which as I understand it it generally doesn't because of the #!$%ing NATs?
[01:20] but generally speaking, making freenet a handler for .freenet-ref files is a good thing...
[01:21] toad_: email, IM, DCC, yousendit.com etc.
[01:21] toad_: yousendit = send 1 gig "over email" (more a link to a dl)
[01:21] creating a .freenet-invite file is an even better thing, except that we need to know the IP address they'll come back from (and maybe even the port number) in order to hole punch
[01:21] toad_: try to keep the .xxxx to 3-4 letters for windows imo
[01:21] right, so .fnr and .fni :)
[01:22] toad_: the .ref file could probably contain exactly the same info as the current ref does, but encoded/encrypted for more safety
[01:22] FuriousRage: you mean obfuscated?
[01:22] FuriousRage: i suppose, i'm not sure i see the point though
[01:22] just stick it in a passworded zip inside a passworded zip, that'll get it over the Great Wall even at the moment :)
[01:22] toad_: just check thoroughly that you don't take a really taken/common extension, i hate that 14 programs use the same extension for diff data (not .txt, but .dat can be any shit and associate to the wrong program sux=) ;>
[01:23] obfuscated <-- i don't speak latin
[01:23] yeah we need to check the three letter extension we use
[01:23] .fnr is almost certainly taken for example
[01:23] something to do with fonts :)
[01:23] fnt
[01:23] fon
[01:23] for fonts iirc
[01:23] 1. To darken; to obscure; to becloud.
[01:23] [1913 Webster]
[01:24] (obfuscate)
[01:24] we cannot encrypt the references because we cannot establish a key securely
[01:24] toad_: ya, so it's at least not in clear text, BUT using zip passwording sux, easily cracked unless you use a password of 50+ chars
[01:24] FuriousRage: sure, but antivirus and firewalls don't do it
[01:25] toad_: but your secret police might ;>
[01:25] +r somewhere there ;<
[01:25] sure but not on every message
[01:25] if it goes like it did in france, it might
[01:25] not that i'm 100% up to date with their laws now ;>
[01:26] but i guess zip in zip would cover the clear text part anyway
[01:26] well anyway
[01:26] we can add a handler for .ref files
[01:26] for simple references
[01:26] the problem is we need to exchange both ways
[01:27] http://filext.com/detaillist.php?extdetail=ref&Search=Search
[01:27] ref taken by adaware
[01:27] FuriousRage: and fnr?
[01:27] none afaik
[01:27] afais*
[01:27] the problem with .fnr files (or whatever extension) is that we need to send one back to the other end in order to complete the transaction
[01:27] but 6 programs are known to use ref
[01:27] right, so .fnr
[01:28] application/x-freenet-reference :)
[01:28] how's .fni?
[01:28] toad_: almost like current trade, but it won't be in clear text anyway, which is a start
[01:28] well i suppose
[01:28] we can bolt on obfuscation support later if we need it
[01:28] but then either freenet dev needs to make a program to handle .fnr, which gives you ppl more work ;>
[01:29] toad_: perhaps if ppl WANT, they could add a "password" to be able to add that ref, like
[01:29] i msg toad_ with wish to trade ref
[01:29] we both agree on a password (for "more security")
[01:29] right
[01:29] you send the zip
[01:29] i unpack it
[01:29] without that password, you shouldn't be able to add that ref file
[01:29] i double click on the unzipped file
[01:31] with win-win ref trade you could use a program to encrypt the ref with the agreed password with perhaps RSA or *FISH, dunno about win-nix-win
[01:31] right
[01:31] then it wouldn't need scripts for each irc client
[01:31] well I think .fnr should at least initially just be plain text
[01:31] just need a program that runs on nix/win to cover it
[01:32] and if people need to obfuscate it then they can agree a password or something
[01:33] now, invites
[01:33] an invite is:
[01:33] - a freenet reference
[01:33] - a cryptographic token
[01:33] - a few temporary port numbers
[01:33] the cryptographic token lets it get into the node, and send its own reference back
[01:33] the temporary port numbers are ports which the other node will be sending packets to to punch a hole
[01:33] guys - i have to go for a bit, wife just arrived, any chance one of you can save a log of this chat and email me?
[01:33] that would need to be built in the node then i believe
[01:33] i.e. ports which it can use to send it from
[01:34] aum: sure
[01:34] aum: seeya
[01:34] FuriousRage: .fnr handling would have to be built in
[01:34] FuriousRage: don't worry about it, it's not hard
[01:34] invites are a bit harder
[01:34] but if they are widely usable then cool
[01:34] let's compare to windows xp's remote desktop help, there you can email an invite to others, they click a link or something, and they get your ref, but your node needs to add its ref
[01:35] FuriousRage: huh?
[01:35] although then the insecurity comes to mind, that anyone that intercepts your invite could add their node to yours before the real invited one can
[01:35] with windows xp, there's a built in "remote help me app" where you can send an invite to help you (like vnc) either thru msn or email
[01:36] with that email link they can connect to your remote desktop and help you (like vnc) (if allowed from your side)
[01:36] right
[01:37] but an invite leaves your node open to get added by anyone as far as i can see unless that can be worked out safely
[01:37] the invite includes what exactly? your IP address, and some sort of cryptographic token, right?
[01:37] probably something like your ref or close to
[01:37] but your email *could* get intercepted by that 'evil' government that wants no-anonymousness
[01:37] FuriousRage: well it lets it be added by the *first person* to use the invite, yes
[01:38] if They have machinery set up to intercept invites and exploit them, then we need to take further measures
[01:38] firstly to disguise it
[01:38] secondly we may want some sort of out of band verification
[01:38] it could be some password to add that "any node" but then most ppl would probably add the same password as the invite
[01:39] and if the invite is intercepted, and you send the password separately thru clear text email, it could be taken too
[01:39] right
[01:39] but
[01:39] well what if you call them by phone?
[01:39] that'd be hard to intercept
[01:39] if you do the email invite like imagined now
[01:40] adding first node that has the right "code" from the invite
[01:40] can we do something like checking fingerprints over the phone on GPG?
[01:40] FuriousRage: yes...?
[01:40] but leaves that node disabled until the node owner enables that one
[01:40] which in this case could make you able to verify that node really is the invited one
[01:40] thru email, im or w/e
[01:41] hmmm
[01:41] not sure i follow
[01:41] i mean like this
[01:42] i send an invite to aum thru email, he clicks the link or w/e to add me, his node connects to mine, he is the first one to connect to that temp port with the right "key" from the email
[01:42] but then i need to manually enable his node/ref after that, so not anyone could get added by me and get connected by default
[01:43] how about the invitee sends a fingerprint out of band, which is then verified by a challenge/response protocol? for example ... Alice sends an invite to Bob. Bob adds the ref. Bob creates a secret. Bob sends the secret out of band to Alice. the connection completes?
[01:43] if the ref adds as disabled/waiting by default, i could perhaps call aum on the telephone to verify that this invite node named "xx" is his node and not any other unknown party's
[01:44] right
[01:44] so we have two security mechanisms
[01:44] toad_: well, if the secret is sent over email it's too easily intercepted by anyone with little knowledge, unless you had something else in mind
[01:44] 1. it's the first to use it.
[01:44] 2. we verify a secret out of band.
[01:44] toad_: out of band, you mean like over im or phone or similar?
[01:45] yeah
[01:45] over phone, like with GPG
[01:45] GPG fingerprints
[01:45] there are ways to make it reasonably non-unpleasant :)
[01:45] or we just password the whole process
[01:45] like
[01:45] with a sufficiently creative password, it can be reasonably secure
[01:45] 1. i send email invitation
[01:46] 2. you add me
[01:46] no
[01:46] 3. you need to enter a password we agreed on over phone or chat or w/e
[01:46] 2. you create a node, add me, and it connects back to me.
[01:46] 4. i can see you entered the correct pass, and i choose to enable your node to connect
[01:46] right, something like that
[01:47] Alice sends an invite to Bob
[01:47] Bob installs a node, which connects to Alice, and tells Alice its noderef
[01:47] Alice sends a password out of band (over the phone) to Bob.
[01:48] Bob then sends a hash of this password back to Alice (in-line), and Alice accepts Bob as not an impostor
[01:48] that protects Alice from accepting a bogus Bob
[01:48] but then another problem arises, many isps, just like mine, block "any" outgoing port 25 other than perhaps their own smtp servers, so alice needs to enter her isp's smtp info to send the invite, unless you want them to get a text to paste into their email program.
[01:49] how do we protect Bob from a bogus Alice? public key fingerprint, I suppose ...
[01:49] FuriousRage: get a file to attach to their email...
[01:49] FuriousRage: or send it over IM
[01:49] FuriousRage: IM is much more practical than email anyway
[01:49] mm, might be better then to send the invite from the node itself.
[01:49] I think email is largely a nonstarter outside the geek community
[01:49] because of NATs
[01:50] we must know the other side's IP address!
[01:50] although then it comes down to that Bob perhaps is behind a NAT, and he needs to open the port(s)..
[01:50] if both sides know the other's IP and port then we can do UDP hole punching
[01:51] brb
[01:51] dunno really what that udp hole punching does, but afaik a "broadband router" won't let much inside unless you open it
[01:51] it's getting late here (2:51am now)
[01:56] ok i'm back
[01:56] well
[01:57] yeah i need to go to bed soon
[01:57] one last thing
[01:57] all we have to do above is verify the pubkey fingerprints in both directions
[01:57] we can make this easy
[01:57] ye
[01:57] however if we're putting users through that, then there's not so much point in saving the extra round trip
[01:57] should be easy for the end user else you scare everyone off except the geeks ;>
[01:57] so we may as well simply send the user a copy of the node, with our reference
[01:58] and then when the node is installed, we remind the user to send a copy of their new ref back
[01:58] we generate the file and tell them to send it back
[01:58] that will even work over email
[01:59] mm
[01:59] beyond that, the only way to make it really smooth on non-real-time media such as email is to hook into the email system and send the ref back; this is good as it means we can send an invite from within the code, but it's unrealistic
[01:59] because most people use webmail
[01:59] and even if they don't it's extra hassle
[01:59] although we can automate it ... until it changes!
[02:00] okay
[02:00] i'll stick the irc log somewhere
[02:00] and write up what i can
[02:00] good night
[02:00] suggest you go to bed
[02:01] maybe the email list for darktools
[02:01] nn
[02:01] right
[02:01] good night
[02:01] <-- FuriousRage has left this server. ()

-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://emu.freenetproject.org/pipermail/darknet-tools/attachments/20060701/634cef5b/attachment.pgp
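The plugin behaviour agreed in the "IRC plugins: standards" message above (prompt on an incoming reference, reply with ours unless we recently sent it, auto-accept a reference that comes back after we started the exchange), as an added example that is not part of the thread and not the Freenet project's plugin. Assumptions made here: a reference arrives over /msg as key=value lines ending in a line "End" and containing an identity= line, links are never treated as references, a 600-second window counts as "recently sent", and plain callbacks stand in for the IRC client's dialog, its privmsg command and the local node.

```python
"""IRC reference-exchange plugin logic.  Added illustration for the behaviour
discussed in this thread; not Freenet's own plugin.  Assumed here: the
line-based reference format, the 600 s 'recently sent' window and the callbacks."""
import re

RECENT_SECONDS = 600                        # "recently sent them our ref" window (chosen here)
KV_LINE = re.compile(r"^[\w.\-]+=")          # one reference line, e.g. physical.udp=host:port
URI_LINE = re.compile(r"^(https?://|freenet:|[A-Z]{3}@)")   # links are never references


class RefExchangePlugin:
    def __init__(self, my_ref, ask_user, send_privmsg, add_to_node, clock):
        self.my_ref = my_ref
        self.ask_user = ask_user            # (nick, ref) -> (accept, reply_with_mine): the modeless dialog
        self.send_privmsg = send_privmsg    # (nick, text) -> None
        self.add_to_node = add_to_node      # ref text -> None; hands the reference to the local node
        self.clock = clock                  # () -> seconds; injectable so the window can be tested
        self.sent_to = {}                   # nick -> time we last sent them our reference
        self.buffers = {}                   # nick -> reference lines received so far

    def send_my_ref(self, nick):
        """The right-click 'Exchange Node References' action."""
        for line in self.my_ref.splitlines():
            self.send_privmsg(nick, line)
        self.sent_to[nick] = self.clock()

    def recently_sent(self, nick):
        last = self.sent_to.get(nick)
        return last is not None and self.clock() - last < RECENT_SECONDS

    def on_privmsg(self, nick, line):
        """Feed one incoming /msg line; returns what the plugin did with it."""
        line = line.strip()
        if line == "End" and nick in self.buffers:
            ref_lines = self.buffers.pop(nick)
            if not any(l.startswith("identity=") for l in ref_lines):
                return "ignored"
            return self._got_ref(nick, "\n".join(ref_lines + ["End"]))
        if KV_LINE.match(line) and not URI_LINE.match(line):
            self.buffers.setdefault(nick, []).append(line)
            return "buffering"
        self.buffers.pop(nick, None)        # anything else breaks a partial reference
        return "ignored"

    def _got_ref(self, nick, ref):
        if self.recently_sent(nick):
            self.add_to_node(ref)           # we started the exchange: take the reply without asking
            return "auto-accepted"
        accept, reply_with_mine = self.ask_user(nick, ref)
        if not accept:
            return "declined"
        self.add_to_node(ref)
        if reply_with_mine:
            self.send_my_ref(nick)
            return "accepted+replied"
        return "accepted"


def demo():
    """Constructed session: bob offers a reference and we accept with a reply,
    dave sends only a link, carol answers an exchange we started ourselves."""
    now = [1000.0]
    sent, added, asked = [], [], []

    def ask_user(nick, ref):
        asked.append(nick)
        return True, True                   # user clicks accept, leaves "reply with mine" ticked

    plugin = RefExchangePlugin(
        my_ref="identity=ourkey\nphysical.udp=192.0.2.1:12345\nEnd",   # constructed reference
        ask_user=ask_user,
        send_privmsg=lambda nick, text: sent.append((nick, text)),
        add_to_node=added.append,
        clock=lambda: now[0])
    results = [plugin.on_privmsg("bob", l) for l in
               ["identity=bobkey", "physical.udp=198.51.100.7:23456", "End"]]
    results.append(plugin.on_privmsg("dave", "http://example.invalid/ref.fnr"))
    plugin.send_my_ref("carol")
    now[0] += 30
    results += [plugin.on_privmsg("carol", l) for l in
                ["identity=carolkey", "physical.udp=203.0.113.9:34567", "End"]]
    return {"results": results, "asked": asked, "added": len(added),
            "sent_to": sorted({nick for nick, _ in sent})}


if __name__ == "__main__":
    print(demo())
```

Only bob triggers the dialog; carol's reference is taken silently because we sent ours first, which is the auto-accept path the message describes, and the same recency check is what stops the plugin from sending our reference twice.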
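The invite and out-of-band verification flow from the first message ("Freenet file types") as worked out in the log above (Alice sends an invite, Bob's node connects back with the token, the first node to use the token is admitted, a password agreed by phone is checked with a challenge/response, optionally in both directions), as an added example that is not part of the thread or of Freenet's code. Assumptions made here: the invite's field names, that a redeemed peer stays "pending" until verified and is dropped on a failed check while the token remains spent, that hole punching is not simulated, and that the response is an HMAC over a fresh nonce and the responder's own reference rather than a bare hash of the password (a choice made in this example, not something the thread specifies).

```python
"""Invite redemption and out-of-band verification between two darknet nodes.
Added illustration for the design discussed in this thread, not Freenet's own
code.  Assumed here: the invite field names, the 'pending until verified'
peer state and the HMAC-over-nonce challenge/response."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Node:
    ref: str                                         # this node's own reference (opaque here)
    peers: dict = field(default_factory=dict)        # peer ref -> "pending" | "enabled"
    invites: dict = field(default_factory=dict)      # token -> ref that redeemed it, or None
    challenges: dict = field(default_factory=dict)   # peer ref -> outstanding nonce

    def make_invite(self, temp_ports=(40001, 40002, 40003)):
        """Type 2 file (.fni): our reference, a one-time token and the ports we
        would send from to punch through the invitee's NAT (not simulated)."""
        token = secrets.token_hex(32)
        self.invites[token] = None
        return {"ref": self.ref, "token": token, "ports": list(temp_ports)}

    def redeem(self, token, peer_ref):
        """The first reference presented with a valid token is connected as
        'pending'; the token is then spent, so later uses are refused."""
        if token not in self.invites or self.invites[token] is not None:
            return False
        self.invites[token] = peer_ref
        self.peers[peer_ref] = "pending"              # connected, not trusted yet
        return True

    def challenge(self, peer_ref):
        """Fresh nonce sent in-line to a pending peer after the password was agreed by phone."""
        nonce = secrets.token_bytes(16)
        self.challenges[peer_ref] = nonce
        return nonce

    @staticmethod
    def respond(password, nonce, own_ref):
        """Keyed hash over the nonce and the responder's own reference, so the
        answer cannot be replayed later or attached to a different reference."""
        return hmac.new(password.encode(), nonce + own_ref.encode(), hashlib.sha256).digest()

    def verify(self, peer_ref, password, response):
        """Enable the peer on a correct answer; drop it on a wrong one."""
        nonce = self.challenges.pop(peer_ref, None)
        if nonce is None or self.peers.get(peer_ref) != "pending":
            return False
        if hmac.compare_digest(self.respond(password, nonce, peer_ref), response):
            self.peers[peer_ref] = "enabled"
            return True
        del self.peers[peer_ref]                      # impostor; the token stays consumed
        return False


def run_scenario(mallory_intercepts):
    """Constructed run: Alice invites Bob; with mallory_intercepts the invite
    file is read by a third party who redeems the token first."""
    alice, bob = Node("ref:alice"), Node("ref:bob")
    invite = alice.make_invite()                      # the .fni Alice sends to Bob
    bob.peers[invite["ref"]] = "pending"              # Bob's new node adds Alice from the invite
    out = {}
    if mallory_intercepts:
        out["mallory_redeemed"] = alice.redeem(invite["token"], "ref:mallory")
        nonce = alice.challenge("ref:mallory")        # Mallory never heard the phone call
        out["alice_trusts_mallory"] = alice.verify(
            "ref:mallory", "phone-password", Node.respond("guess", nonce, "ref:mallory"))
    out["bob_redeemed"] = alice.redeem(invite["token"], bob.ref)
    if out["bob_redeemed"]:
        nonce = alice.challenge(bob.ref)              # Alice's password, told to Bob by phone
        out["alice_trusts_bob"] = alice.verify(
            bob.ref, "phone-password", Node.respond("phone-password", nonce, bob.ref))
        nonce = bob.challenge(alice.ref)              # and the other direction, with Bob's password
        out["bob_trusts_alice"] = bob.verify(
            alice.ref, "bob-password", Node.respond("bob-password", nonce, alice.ref))
    out["alice_peers"] = dict(alice.peers)
    return out


if __name__ == "__main__":
    print(run_scenario(False))
    print(run_scenario(True))
```

The second run shows the weakness the log points out: whoever reads the invite first gets the connection slot, so the token alone is not authentication, and Bob is locked out until Alice issues a new invite. What the token cannot do, the phone password does: Mallory is connected but never enabled, and the only thing she learns from the exchange is a keyed hash of a nonce she did not choose.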