[Tech] Proposal: one-time references
Matthew Toseland
toad at amphibian.dyndns.org
Tue Mar 6 01:30:45 UTC 2007
I am trying to disentangle the whole "easier reference swapping"
discussion. So let's have one thread per proposal, shall we?
One-time references
===================
Fproxy provides an interface to produce one-time references. These
consist of a file, including:
- The node's current IP addresses (all of them)
- A deadline after which the reference is no longer valid
- A blob of data which is recorded by the node in permanent storage for
that period
- Symmetric encryption keys for the setup process (these are unique to
this one-time reference)
When a one-time reference is double-clicked or otherwise fed to a node,
it will connect to the node by the given IP, verify that it has the blob
of data via a challenge/response protocol, and full noderefs will be
exchanged. The blob will be removed from persistent storage; they are
not re-usable.
Dependencies
------------
The node issuing one-time references must be able to receive packets
from anywhere on the internet. So we need UPnP.
Easy extension
--------------
This can easily be extended to the ability for fproxy to produce a
binary installer which includes a one-time noderef.
Attacks
-------
The one-time reference MUST be delivered securely. If it is sent through
a cleartext channel it may be intercepted (which gives away that you are
running a node) or replaced via a Man-In-The-Middle attack (resulting in
the attacker being connected to both the issuer and the recipient).
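
The lifecycle described in the proposal (issue with a deadline, prove possession of the blob by challenge/response, then delete the blob), as an added example that is not part of the original post and is not Freenet code. The `Issuer` class, the `respond` helper, the reference id field, and the use of HMAC-SHA256 over nonce plus blob are assumptions made for illustration; the post does not specify the challenge/response construction.

```python
import hashlib, hmac, secrets, time

class Issuer:
    """Node issuing one-time references; dicts stand in for permanent storage."""
    def __init__(self):
        self._pending = {}  # ref id -> reference still redeemable
        self._nonces = {}   # ref id -> outstanding challenge nonce

    def issue(self, addresses, lifetime_s, now=None):
        now = time.time() if now is None else now
        ref = {"id": secrets.token_hex(8),          # hypothetical lookup handle
               "addresses": list(addresses),        # all current IP addresses
               "deadline": now + lifetime_s,        # reference invalid after this
               "blob": secrets.token_bytes(32),     # recorded by the node
               "key": secrets.token_bytes(32)}      # unique to this reference
        self._pending[ref["id"]] = ref
        return dict(ref)  # contents of the file handed to the recipient

    def challenge(self, ref_id, now=None):
        now = time.time() if now is None else now
        ref = self._pending.get(ref_id)
        if ref is None:
            return None                    # unknown or already used
        if now > ref["deadline"]:
            del self._pending[ref_id]      # expired: drop the stored blob
            return None
        nonce = secrets.token_bytes(16)    # fresh per attempt, blocks replay
        self._nonces[ref_id] = nonce
        return nonce

    def verify(self, ref_id, response, now=None):
        now = time.time() if now is None else now
        ref = self._pending.get(ref_id)
        nonce = self._nonces.pop(ref_id, None)  # each nonce is good for one try
        if ref is None or nonce is None or now > ref["deadline"]:
            return False
        expected = hmac.new(ref["key"], nonce + ref["blob"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        del self._pending[ref_id]  # success: the reference is not re-usable
        return True                # full noderefs would be exchanged here

def respond(ref, nonce):
    """Recipient side: prove possession of the blob without sending it."""
    return hmac.new(ref["key"], nonce + ref["blob"], hashlib.sha256).digest()
```

Possession of the file is the only credential in this sketch, so anyone who obtains it in transit can redeem it first, which is why the post requires secure delivery.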