[mnet-devel] What does EGTP do that a PGP message doesn't

Zooko O'Whielacronx zooko at zooko.com
Fri Oct 3 20:38:21 BST 2003


> On the crypto level, what does EGTP do that a PGP encrypted and signed 
> message doesn't do?

It protects initiators from an attacker replaying a response that a server 
sent.  That is: it gives an "at-most-once" guarantee to initiators.

Since it doesn't give such a guarantee to responders -- only to initiators --
it is hardly valuable in practice.  Actually, even if it *did* work on both
sides it wouldn't be useful for Mnet v0.6 or Mnet v0.7.  Nor would PGP, SSL, or
any other form of encryption of the chatter that passes between peers.

I still stand by what I posted earlier [1]:

    """
    I have a radical suggestion: drop link encryption and use normal Twisted
    TCP connections.  Anything that I could learn from hacking into your ISP
    and sniffing your TCP connections I could learn more easily by running an
    Mnet node and peering with your Mnet node.  

    Maybe in the future Mnet will have features like one-hop-privacy,
    friendnet, or something else that makes that statement untrue, but in the
    future we can add link encryption back in.  Until then, if you (icepick)
    are spending your time implementing link encryption, you're probably
    wasting your time as far as real-world privacy or security goes.
 
    (Note that block encryption does actually serve a useful privacy purpose,
    and I think we should keep it as it is currently defined and implemented in
    ZNFF.)
    """

Consider a current, realistic, attack scenario: some nefarious organization is 
going to spy on the user's transmissions and then sue them for tens of 
thousands of dollars.  Does this nefarious organization achieve this by 
wiretapping at ISPs and interpreting the unencrypted transmissions?

No, it achieves this by running a node and peering with the intended victims.

Encrypting the peer-to-peer comms at this point is putting bars over your 
windows while the front door is standing open.


Regards,

Zooko

[1] http://sourceforge.net/mailarchive/message.php?msg_id=6077291
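
The replay property discussed in the message above, as an added example that is not part of the original post and is not EGTP's or PGP's actual construction: a response that is only signed verifies every time it is delivered, while a response bound to a fresh initiator nonce is accepted at most once. HMAC with a constructed key stands in for a signature, and `Initiator`, `respond_plain` and `respond_bound` are hypothetical names.

```python
import hashlib
import hmac
import os

# Constructed demo key. HMAC stands in for a real signature so the example
# runs offline; this is an assumption, not how EGTP or PGP sign messages.
KEY = b"constructed-demo-key"

def sign(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

def respond_plain(body):
    # Responder signs the body alone, like a standalone signed message.
    return body, sign(body)

def respond_bound(nonce, body):
    # Responder signs the initiator's fixed-length nonce together with the body.
    return body, sign(nonce + body)

class Initiator:
    def __init__(self):
        self.pending = set()  # nonces of requests still awaiting a response

    def new_request(self):
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def accept_plain(self, body, tag):
        # Authentic, but nothing ties the response to one particular request.
        return hmac.compare_digest(tag, sign(body))

    def accept_bound(self, nonce, body, tag):
        # Accept only for an outstanding nonce, and consume it on success.
        if nonce not in self.pending:
            return False
        if not hmac.compare_digest(tag, sign(nonce + body)):
            return False
        self.pending.remove(nonce)
        return True

def demo():
    ini = Initiator()
    body, tag = respond_plain(b"constructed response body")
    plain = [ini.accept_plain(body, tag) for _ in range(2)]  # second is a replay
    n1 = ini.new_request()
    body, tag = respond_bound(n1, b"constructed response body")
    bound = [ini.accept_bound(n1, body, tag) for _ in range(2)]  # second is a replay
    cross = ini.accept_bound(ini.new_request(), body, tag)  # old response, new request
    return plain, bound, cross
```

Only the initiator gains anything here: the responder keeps no state and would still process a replayed request.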


