Sybil attack?
str4d
str4d at i2pmail.org
Tue Feb 17 12:50:18 UTC 2015
Natanael wrote:
> On 17 Feb 2015 07:56, "str4d" <str4d at i2pmail.org> wrote:
>
>> Other than that, there is no difference. Non-honest Tahoe-LAFS
>> nodes are perfectly capable of joining a standard Tahoe-LAFS
>> network and sending fake replies. So any Sybil attack on the I2P
>> Tahoe-LAFS network would be directly applicable to a standard
>> Tahoe-LAFS network.
>
> How would somebody go around connecting to let's say my home
> network with a couple of Tahoe-LAFS nodes and pretending to be
> storage nodes holding oat of my data?
I2P is an anonymous analogue of the Internet, so it is disingenuous to
compare it to a user's home network. If you have a private network
that you have full control over and that can be isolated from the
outside, then you have no need of the anonymity (and overhead) that
I2P provides.
> Wouldn't most Tahoe-LAFS setups whitelist storage nodes, or
> otherwise simply not be open for others to connect to?
Most private Tahoe-LAFS setups running over the Internet would use a
private introducer. The same can be done with I2P - just set up your
own Introducer, and use that. And if regular Tahoe-LAFS supports
whitelisting storage nodes, then you can do that too when running
Tahoe-LAFS over I2P.
>
> The I2P version allows anybody to act as a storage node, and get
> connections from clients looking for data.
>
This is true (as it is for standard Tahoe-LAFS), but only if you use
the public introducers, which implies that you _want_ your client or
storage node to communicate with other users' nodes.
It is of course possible for an adversary to trawl active I2P
Destinations hunting for private Tahoe-LAFS nodes, and connect to them
without knowing their private Introducer. But this is also possible
for a standard private Tahoe-LAFS network over the Internet, just by
trawling IP addresses. The only way to properly protect against that
is either to whitelist incoming connections (which can be done on I2P
too), or use a private LAN or VPN, in which case you don't need I2P,
as mentioned above.
str4d
More information about the tahoe-dev mailing list