gpg: Signature made Thu Apr 27 14:02:23 2006 UTC using DSA key ID 6554A22D
gpg: Good signature from "Matthew John Toseland (Toad) <toad@amphibian.dyndns.org>"
On Wed, Apr 26, 2006 at 09:48:41PM +0200, Florent Daigni?re (NextGen$) wrote:
> > >
> > > Imho we need to publish every known and valid ip addresses, even local
> > > ones ; otherwise nodes on the same lan won't be able to connect (to both
> > > outside and internal peers).
> >
> > Isn't that a security risk? Well, not to darknet peers I suppose?
> >
>
> I don't see it as a security risk. Sending one handshake packet once a
> while isn't a security problem imho.
I mean sending all our IP addresses.
>
> > Anyway we don't want to try such addresses unless we have a good reason
> > to believe they will work e.g. if we have the same external IP detected
> > through STUN ?
>
> ... whereas sending packets to an external well known 3rd party peer is ;)
It's not a great security risk if many other apps also use STUN, but
obviously it should be optional.
>
> Even if we bundle an ip-list of stun servers... a dns name... It will be
> a convenient way to harvest.
Only if only freenet uses STUN. If it is the case that most VoIP clients
and most P2Ps use STUN, then it's not such a risk.
>
> > True multi-homing as you suggest would be fairly easy though, it's not a
> > big deal.
>
> I'm not saying it's hard to do :) Just that it's pointless to do the
> rest without the basis ;)
>
> NextGen$
--
Matthew J Toseland - toad@???
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
