[freenet-dev] Alpha, Darknet routing, et al.
Matthew Toseland
toad at amphibian.dyndns.org
Tue Feb 5 23:01:25 UTC 2008
On Tuesday 05 February 2008 21:10, Robert Hailey wrote:
>
> On Feb 4, 2008, at 7:24 PM, Michael Rogers wrote:
>
> > Matthew Toseland wrote:
> >> Swapping creates this problem. Or does it? Could you perhaps do
> >> some simulations of two networks of different sizes weakly linked
> >> and show whether they get independant location spaces, or whether
> >> swapping tries to put one of them within the global keyspace for
> >> the other?
> >
> > Here's a quick simulation that shows that two weakly-connected
> > subnets move into separate regions of the key space. Each subnet has
> > an ideal Kleinberg topology and starts out uniformly distributed
> > across the whole key space, and there are also a few random links
> > between the subnets - this is meant to represent what would happen
> > if you created a few links between two mature networks, or between a
> > real network and a Sybil network.
> >
> > I couldn't be bothered to do a nice GUI so the output is just a
> > series of histograms: on each line the key space is divided into 20
> > regions, and each column shows the number of nodes from the first
> > subnet in that region. Initially there are roughly 50 nodes in each
> > region, but swapping causes the subnets to segregate so that
> > eventually most regions are almost exclusively occupied by one
> > subnet or the other.
> >
> > It's kind of interesting to compare this with "white flight" in
> > sociology...
> >
> > Cheers,
> > Michael
>
> Ok. I see it Michael's way now.
>
> I'm not sure to what degree this effects our present network, but when
> graphed out, the individual location movements from this swapping
> simulator often mirror zothar's previous graph (of location jumping);
> and while one network is making a hole in the other, the sliding/
> compression looks just like what I saw previously as network rotation.
>
> This is quite a problem. In fact, this may be the fundamental problem
> with swapping. Because of this, a sybil network could presently even
> choose which segment of the keyspace to occupy with very few links.
>
> The same network coloring/routing logic *might* be applicable to
> swapping. That is, to simply confine swaps to the network they came
> from. I'm not aware of another way to both secure sybil nets from
> invasion and keep major keyspaces separate. Unfortunately it has the
> obvious problem of a dependency feedback loop:
>
> (1) swaps are fundamental to routing,
> (2) routing is required for my auth-ping idea,
> (3) these auth pings are required for secured network-id coloring,
> (4) then... could we use the network id's to modify swapping???
>
> It seems like the network-id idea would have to be changed to be a
> little more relaxed; either by not effecting swapping until we have
> computed the assigned network-ids (fall-open while in transition), or
> by simply accepting (for the moment) the most common network id from
> our peer set (rather than strictly random id on startup).
>
> My question is, *if* such an idea is considered valid and in such a
> case how could we be assured that us labeling and isolating a subnet
> is not what *keeps* it labeled as a subnet because it's routing is
> messed up for lack of swapping? I guess that would require all the
> bordering nodes to consider that simultaneously, which would be a rare
> and unstable condition in a well connected network.
Over short distances we can expose the topology, does that help?
The other problem with swapping - which may also be a fatal flaw, and may be
another variant of the same bug - is that an attacker can send bogus swap
requests, which can be catastrophic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20080205/ad1f5925/attachment.pgp
More information about the Devl
mailing list