[freenet-dev] [freenet-cvs] r15469 - trunk/freenet/src/freenet/node
Florent Daignière
nextgens at freenetproject.org
Tue Oct 23 07:56:34 UTC 2007
* Matthew Toseland <toad at amphibian.dyndns.org> [2007-10-23 00:45:28]:
> On Sunday 21 October 2007 16:27, you wrote:
> > Author: nextgens
> > Date: 2007-10-21 15:27:24 +0000 (Sun, 21 Oct 2007)
> > New Revision: 15469
> >
> > Modified:
> > trunk/freenet/src/freenet/node/FNPPacketMangler.java
> > trunk/freenet/src/freenet/node/PeerNode.java
> > Log:
> > JFK:
> > * Keep 10 signed exponents in a FIFO queue
> > * Serve a new one whenever possible
> > * Refill the queue every 30 sec if needed
> >
> > That's probably better this way. What about the NewArbitraryValue I've
> > introduced? well you tell me :p
>
> Increasing it uses more memory, and an attacker could exhaust a larger queue
> almost as quickly. However it would allow slightly more forward secrecy under
> heavy load. But the difference is marginal: our *real* forward secrecy
> depends on how long the connections retain the negotiated keys, not on their
> being completely unrelated to one another.
I might implement re-keying once the current trunk is released.
>
> In fact you could argue that it's unnecessary complexity to have a queue at
> all, but since the JFK paper suggests it, it's probably a good idea.
>
> Is 1 *new* DH exponent every 30sec a reasonable rate ?
>
> Yes. It's a trivial amount of CPU and memory, unlike the cost of creating a
> new DH exponent per packet, which is what we'd be doing with STS (one of the
> reasons for using JFK).
>
> Oh and you should synchronize on pn when accessing pn.jfkContext. The below
> suggests NPEs.
Well, I access it only in sendMessage1 & sendMessage2 and I check if
it's null there... That shouldn't be a problem anymore in current
trunk.
NextGen$
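
The queue described in the commit log, as an added Java example that is not code from Freenet or from this thread. The class and method names, the 2048-bit DH group, the ECDSA identity key, and the reading that each 30-second refill adds a single exponent are all assumptions.

```java
import java.security.*;
import java.util.ArrayDeque;
// Added illustration (Java 16+); all names are hypothetical, not Freenet's.
public class SignedExponentPool {
    /** A DH key pair plus the node's signature over the encoded public value. */
    public record SignedExponent(KeyPair dh, byte[] signature) {}
    private static final int CAPACITY = 10;       // queue size from the commit log
    private final ArrayDeque<SignedExponent> fresh = new ArrayDeque<>();
    private final KeyPairGenerator dhGen;
    private final PrivateKey identityKey;
    private SignedExponent lastServed;            // reused when the queue is empty

    public SignedExponentPool(KeyPair identity) throws GeneralSecurityException {
        identityKey = identity.getPrivate();
        dhGen = KeyPairGenerator.getInstance("DH");
        dhGen.initialize(2048);                   // assumed group size
        while (fresh.size() < CAPACITY) fresh.add(generate());
    }

    private SignedExponent generate() throws GeneralSecurityException {
        KeyPair kp = dhGen.generateKeyPair();
        Signature s = Signature.getInstance("SHA256withECDSA"); // assumed scheme
        s.initSign(identityKey);
        s.update(kp.getPublic().getEncoded());
        return new SignedExponent(kp, s.sign());
    }

    /** Serve a new exponent whenever possible; otherwise reuse the last one. */
    public synchronized SignedExponent next() {
        SignedExponent e = fresh.poll();          // FIFO: oldest unused first
        if (e != null) lastServed = e;
        return lastServed;                        // never null: queue starts full
    }

    /** Run every 30 s: adds at most one exponent, so a handshake flood
     *  cannot force more than one DH generation and signature per period. */
    public synchronized void refill() throws GeneralSecurityException {
        if (fresh.size() < CAPACITY) fresh.add(generate());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(256);
        SignedExponentPool pool = new SignedExponentPool(ec.generateKeyPair());
        for (int i = 0; i < CAPACITY; i++) pool.next();   // drain the queue
        SignedExponent last = pool.next();                // queue empty: reuse
        System.out.println("reused when exhausted: " + (last == pool.next()));
        pool.refill();
        System.out.println("fresh after refill: " + (last != pool.next()));
    }
}
```

Both lines print `true`: once the ten queued exponents are consumed, every handshake gets the same one until the next refill, which is the bounded-cost trade-off the thread discusses.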