Isidor Zeuner [ARCHIVE] on Nostr: š Original date posted:2014-01-16 š Original message:quote: > > but then you ...
š
Original date posted:2014-01-16
š Original message:quote:
> > but then you remove the implication that a node has to give both public
> > and private IPs to a peer. If it's part of a batch of "addr"s, it could be
> > my own hidden service ID, but it could also be one that I learned from
> > someone else and is now propagating, for anyone to bootstrap with Tor
> > hidden service peers if they'd like.
> >
>
> Hmm. So you mean that we pick a set of peers we believe to not be sybils of
> each other, but they might give us hidden services run by other people? I
> need to think about that. If they're getting the hidden services just from
> addr announcements themselves, then you just punt the issue up a layer -
> what stops me generating 10000 hidden service keys that all map to my same
> malicious node, announcing them, and then waiting for the traffic to
> arrive? If clearnet nodes inform of their own hidden service IDs, that
> issue is avoided.
>
Considering that the clearnet sybil protection also relies on scaling
up the resource requirements for an attacker, why not require hidden
service addresses following a certain pattern, like a fixed prefix?
Essentially also a PoW scheme...
> My goal here is not necessarily to hide P2P nodes - we still need lots of
> clearnet P2P nodes for the forseeable future no matter what.
What would you consider as the main merits of clearnet nodes?
Best regards,
Isidor
š Original message:quote:
> > but then you remove the implication that a node has to give both public
> > and private IPs to a peer. If it's part of a batch of "addr"s, it could be
> > my own hidden service ID, but it could also be one that I learned from
> > someone else and is now propagating, for anyone to bootstrap with Tor
> > hidden service peers if they'd like.
> >
>
> Hmm. So you mean that we pick a set of peers we believe to not be sybils of
> each other, but they might give us hidden services run by other people? I
> need to think about that. If they're getting the hidden services just from
> addr announcements themselves, then you just punt the issue up a layer -
> what stops me generating 10000 hidden service keys that all map to my same
> malicious node, announcing them, and then waiting for the traffic to
> arrive? If clearnet nodes inform of their own hidden service IDs, that
> issue is avoided.
>
Considering that the clearnet sybil protection also relies on scaling
up the resource requirements for an attacker, why not require hidden
service addresses following a certain pattern, like a fixed prefix?
Essentially also a PoW scheme...
> My goal here is not necessarily to hide P2P nodes - we still need lots of
> clearnet P2P nodes for the forseeable future no matter what.
What would you consider as the main merits of clearnet nodes?
Best regards,
Isidor