Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] CJDNS hype

Mitar mmitar at
Sun Jul 14 17:49:30 PDT 2013


On Sun, Jul 14, 2013 at 1:15 PM, Ralph Holz <holz at> wrote:
> Ah, I see. I was thinking more along the lines of "how do I make sure I
> am not accidentally speaking to the censor himself?". As that would be
> as harmful as not being able to speak at all.

Not necessary, if you still have end-to-end encryption. So transport
layer should just assure transportation.

> BTW, how do you propose to make Sybil nodes "impossible"?

I don't. I am just making an argument, that maybe there is some way we
(or I) don't yet know which would allow us to don't have to trust
other nodes with anything else that they forward the packet. And if
they don't, we can maybe detect that and remove them from the routing
path. So at the end maybe it is not even important if Sybil nodes are
possible or impossible. You just care if they forward the packet. If
they do, this is it. If they don't (from whatever reason, being
malicious or just malperforming), you route along that, no? But to be
able to route around, you have to be able to have multiple paths.

>> So yes, while we currently don't know how to do such a network without
>> being sure to who you are talking, I am wondering if there is some
>> proof that we will never be able to know how to do that? So is there
>> some inherent property which would as a consequence show that we have
>> to trust somebody ultimately? (Maybe we have to trust them just
>> partially, or just for a short periods of time, or maybe with some
>> probability we can get "good enough" performance.")
> I am not so sure I understand what you mean, I am afraid. But generally
> speaking, it is very hard to quantify 'trust'. There is a host of
> literature on that, with trust metrics etc. I don't know much about
> that, except that I don't see it used anywhere.

I was just saying that saying "you need somebody you know and trust in
the network" implies one of two things:
- we currently don't know how to do it otherwise, or
- it is known that it is so and it will never be possible to do it
otherwise (and is there a proof for that?)

> Although, if I were the censor, I'd go and censor the underlay. Do DPI
> on IP level and throttle (not block) by dropping 80% of all TCP
> segments. Just enough to let TCP retransmit all the time. Tor has been
> attacked (not throttled, blocked) that way on several occasions. I
> expect Jake and Roger will tell us more about that when they give their
> next talk. :)

Yes. :-)

BTW. The issue I have with "you just have to make a security decision
who you trust" and then everything will work is that we have for quite
some time very good and secure systems, where the only decision you
have to do is a such one. And they fail again and again because people
are very bad at determining this (phishing, for example). So saying
that this is the only thing they should do for me is already a bit too
much. We should find ways to make such decisions easier (in the
browsers, we display warnings - and they are still not working
always). And with schemes where your security decision does not just
impact you, but also everybody else down your routing chain, this is
even bigger problem.



More information about the liberationtech mailing list