[tahoe-dev] Building a more resistant introducer
David Triendl
david at triendl.name
Thu Dec 10 15:51:12 PST 2009
On Thu, Dec 10, 2009 at 03:31:10PM -0800, Brian Warner wrote:
> Francois Deppierraz wrote:
>
> > pb://TubID@volunteergrid-introducer.allmydata.org:53345,tahoe.ctrlaltdel.ch:53345,another-hostname:53345/introducer
>
> Great idea!
>
> > The private key of this introducer will be kept by Zooko and myself for
> > new. I'm wondering about the security implications of publishing it to
> > the world. That would allow someone else to take over the introducer
> > duty if the current one disappear.
>
> Someone who posesses the private key (and can cause client traffic to go
> to a computer under their control, either by controlling your IP
> routing, the DNS mapping, or by just running one of the named computers
> normally) can effectively define the grid: they can control which
> servers are used by any given client. That means a client could be
> forced to see a subset of the "correct" server list, or none, or an
> entirely separate network. Note that this only affects availability, not
> confidentiality or integrity.
>
> That said, for our purposes, I think it'd be fine to publish this
> private key, or merely hand it out to anyone who asks for it.
I don't think it is a good idea to freely distribute the key, I would rather
just give it to a few persons which are already known for their work on
tahoe/the volunteergrid.
> Incidentally, we should only run one introducer at a time. Clients will
> attempt to connect to all of the FURL's "connection hints"
> simultaneously, and the first correct response will win. So we shouldn't
> spin up a new introducer until we're sure the old one is dead. (the
> consequence of having two running at the same time is like an IRC
> netsplit: the grid will split into two pieces, and you'll only be able
> to see the nodes that connected to the same introducer as you).
Maybe tahoe will be able to support multiple introducers at a later stage, but
until then I don't think we will have too much trouble with coordinating the
introducer(s).
> > We still need a third person willing
> > to provide a DNS record and the duty of keeping it up to date in case
> > the introducer has to move.
>
> I can run a third. Name it "testgrid.lothar.com" and I'll set up the DNS
> mapping later.
The more the merrier :D
I just registered volunteergrid.org, so that the webapi can finally have a
better name than tahoe.soultcer.net. I set up an A record for
introducer.volunteergrid.org to 62.220.138.72 (can easily be changed), which
can also serve as a stable pointer to the current user of the volunteergrid.
Cheers,
David
More information about the tahoe-dev
mailing list