[freenet-dev] Easier reference swapping
Florent Daignière (NextGen$)
nextgens at freenetproject.org
Tue Mar 6 10:37:25 UTC 2007
* Volodya <Volodya at WhenGendarmeSleeps.org> [2007-03-06 05:44:35]:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Toseland wrote:
> > I don't understand why a password and IP address is easier than a
> > one-time reference. I suppose it has the advantage of being able to
> > write it down - but for it to be secure it would need to be a one-time
> > password; you'd need to generate a new one every time ...
> >
> > Hmmm. Maybe we should provide both mechanisms?
>
> One thing that might be done is not having an increadibly secure password protection (just
> secure enough), but when somebody adds themselves via password they get added in the
> disabled mode, then the person tells you "It asks me to tell you to enable me" and you do
> so. If somebody intersepts the password in between and uses it, the second person will get
> a request to inform you that password has been used already, so you just go and delete the
> bugger who used it.
>
> In other words: Bring security away from the machine and to the person.
>
> - Volodya
>
So far a node is *passive* and won't react upon reception of any unknown data.
If we want to tell the user that the password has already been used, we
would need to change that behaviour :/
I'm not sure it's a good idea.
NextGen$
More information about the Devl
mailing list