jrandom | 2 Nov 22:35 2004

weekly status notes [nov 2]


Hi y'all, time for the weekly update

* Index:
1) Net status
2) Core updates
3) Streaming lib
4) mail.i2p progress
5) BT progress
6) ???

* 1) Net status

Pretty much as before - a steady number of peers, eepsites fairly
reachable, and irc for hours on end.  You can get a peek at the
reachability of various eepsites through a few different pages:
 - http://gott.i2p/sites.html
 - http://www.baffled.i2p/links.html
 - http://thetower.i2p/pings.txt

* 2) Core updates

For those hanging out in the channel (or reading the CVS logs),
you've seen a lot of things going on, even though it's been a while
since the last release.  A full list of changes since the 0.4.1.3
release can be found online [1], but there are two major
modifications, one good and one bad:

The good one is that we've dramatically cut down on the memory churn
caused by all sorts of insane temporary object creation.  I finally

mrecho | 3 Nov 21:22 2004

DNS much?

Wow, I just looked at that host file.
Is there any work being done on a DNS system?
Maybe I should jump back on and help out.

I'm going to try to get it up and working today, but if I can't and I've used I2P 
before.... some major work needs to be done before I really get back into 
this.

mrecho | 5 Nov 01:14 2004

Re: DNS much?

On Wednesday 03 November 2004 12:22 pm, mrecho@... wrote:
> Wow, I just looked at that host file.
> Is there any work being done on a DNS system?
> Maybe I should jump back on and help out.
>
> I'm going to try to get it up and working today, but if I can't and I've used
> I2P before.... some major work needs to be done before I really get back
> into this.
> _______________________________________________
> i2p mailing list
> i2p@...
> http://i2p.dnsalias.net/mailman/listinfo/i2p

In order to have a true DHT DDNS you can NOT have a CA that signs everything.
How do you update your Base64 for your Domainname? Lease time?
How do you add a sub Domainname? and make sure it's the right person adding it?
What if the CA goes down? or 2?
What if the private key of the CA gets stolen or lost? Hacked?
Ok you have it signed by the CA, how do other Nodes get it?

Yes today I got pissed off at jrandom.

If you lose your pub/priv key to your domain, how do you update it? A CA is 
good for data that will never have to be changed. one time use kind of thing.
It can not be used in a dynamic environment such as a DNS.

jrandom | 5 Nov 03:09 2004

Re: DNS much?


First, I want to apologize if you took offense to the suggestions I
was making - they were made with the intent only of improving the
security of your work.  That said, perhaps I can address the specific
questions raised below so that others can understand how a
certificate authority (CA) comes into the situation.

To those playing along at home, the basic question at hand is how do
you guarantee uniqueness for human readable names in a distributed
environment.  Whether you want to guarantee uniqueness is a whole
different matter that's been discussed more times than I can count,
but for the sake of this email, assume that you *do* want human
readable and globally unique addresses.

> In order to have a true DHT DDNS you can NOT have a CA that signs
> everything. How do you update your Base64 for your Domainname?
> Lease time?
> How do you add a sub Domainname? and make sure it's the right
> person adding it?

These are good questions, and the PKI people have done pretty well at
offering solutions.  Here's an example:
 * When registering a name with the CA, they give you a
   public/private keypair and a signed statement saying
   "the public key XYZ is authoritative for *.somename.i2p"
 * Whenever you want to add a new name under *.somename.i2p
   or change the destination associated with one of the names,
   you simply sign a new address entry with the private key that
   the CA gave you.  The entry itself also contains the signed
   statement from the CA, so anyone looking at it can verify it.
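
The scheme in jrandom's example above (a CA-signed delegation plus owner-signed address entries), sketched as an added example that is not part of the original message or of I2P's code. Ed25519, the `msg` encoding and all type and function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// Delegation is the CA's statement "key Owner is authoritative for *.Zone".
type Delegation struct {
	Zone  string
	Owner ed25519.PublicKey
	CASig []byte // CA signature over msg("delegation", Zone, Owner)
}

// Entry binds one name to a destination and carries the delegation with it.
type Entry struct {
	Name, Dest string
	Delegation
	Sig []byte // owner signature over msg("entry", Name, Dest)
}

// msg is a constructed, unambiguous encoding of the fields being signed.
func msg(kind, a, b string) []byte { return []byte(fmt.Sprintf("%s %q %q", kind, a, b)) }

// Delegate is run once by the CA when the name is registered.
func Delegate(ca ed25519.PrivateKey, zone string, owner ed25519.PublicKey) Delegation {
	return Delegation{zone, owner, ed25519.Sign(ca, msg("delegation", zone, string(owner)))}
}

// SignEntry is run by the owner for each new or changed name; no CA involved.
func SignEntry(owner ed25519.PrivateKey, d Delegation, name, dest string) Entry {
	return Entry{name, dest, d, ed25519.Sign(owner, msg("entry", name, dest))}
}

// Verify needs only the CA public key; the rest travels inside the entry.
func Verify(caPub ed25519.PublicKey, e Entry) bool {
	return len(e.Owner) == ed25519.PublicKeySize && // ed25519.Verify panics otherwise
		strings.HasSuffix(e.Name, "."+e.Zone) && // name must fall under *.Zone
		ed25519.Verify(caPub, msg("delegation", e.Zone, string(e.Owner)), e.CASig) &&
		ed25519.Verify(e.Owner, msg("entry", e.Name, e.Dest), e.Sig)
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(nil)       // nil selects crypto/rand
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(nil) // issued by the CA in the scheme above
	d := Delegate(caPriv, "somename.i2p", ownerPub)
	e := SignEntry(ownerPriv, d, "www.somename.i2p", "constructed-destination")
	fmt.Println("entry verifies:", Verify(caPub, e))
}
```

A changed destination or a name outside the delegated zone fails `Verify`, while the owner can re-sign an updated entry without going back to the CA.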

jrandom | 5 Nov 06:02 2004

Re: DNS much? (fwd)

[forwarded with permission]

---------- Forwarded message ----------
Date: Thu, 4 Nov 2004 20:56:14 -0800
From: mrecho@...
To: jrandom <jrandom@...>
Subject: Re: [i2p] DNS much?

On Thursday 04 November 2004 6:09 pm, you wrote:
> First, I want to apologize if you took offense to the suggestions I
> was making - they were made with the intent only of improving the
> security of your work.  That said, perhaps I can address the specific
> questions raised below so that others can understand how a
> certificate authority (CA) comes into the situation.
>
>
> =jr

For security sake a CA server would be great, I do have to agree with you
there.

As you read this you will know where this fits in...
If you use the linehash to sign the CA with it then has another hash right? ok
so we include that new hash into the new/update data being passed around, now
you can verify that that linehash is valid using the public CA key. This
would keep my main idea going and the dynamicness of the system going.
You could still update hostname data and have an easy way of verifying that it's
not a bad(false) update. Since the linehash is a "one time use" thing this is
where a CA would work best!


MrEcho | 6 Nov 11:49 2004

MyDNS update

Ok screw it....

I'm going to sign the: base64 and lease time together at the CA.
It's going to be a lot more work for the CA, but I guess it will work out at 
the end.
I was trying to cut down on cpu time and bandwidth at the same time.. but a lot 
of you think the other way will be better.

CA now will have to keep a full listing of all the data (besides the 
Signature).

Ohh well, I tried, will keep plugging away at it.

MrEcho | 6 Nov 12:11 2004

Re: MyDNS update

On Saturday 06 November 2004 2:49 am, MrEcho wrote:
> Ok screw it....
>
> I'm going to sign the: base64 and lease time together at the CA.
> It's going to be a lot more work for the CA, but I guess it will work out at
> the end.
> I was trying to cut down on cpu time and bandwidth at the same time.. but
> a lot of you think the other way will be better.
>
> CA now will have to keep a full listing of all the data (besides the
> Signature).
>
> Ohh well, I tried, will keep plugging away at it.
Sorry for the extra mail.....

Ok that's not going to work.
How the hell does the owner verify that he/she is the owner of that domain 
name?
The CA keeps a password on hand?
When the domain gets added by the CA, does it gen a password for the owner to 
use when updating?

so: Node gets an update msg -> w.i2p:lease(to notify the Node its just a lease 
update):leasetime:new(leasetime):new(sig)
check the new(sig) against the base64 and the new(leasetime)


jrandom | 6 Nov 23:27 2004

0.4.1.4 is available


Hi all,

Well, the 0.4.2 release is taking more time than initially
anticipated, but there have been a lot of bugfixes since 0.4.1.3,
so we're pushing out an interim 0.4.1.4 release, available all the
usual ways.  It should improve stability by reducing the number of
spurious tunnel failures, alongside the occasional bugfix.  It is
backwards compatible since the new streaming lib isn't deployed as
the default, so come 'n grab it.

The full list of what's been added since 0.4.1.3 is up and available
at http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD

As always, see @ http://www.i2p.net/download for instructions

=jr

SHA1(i2p.tar.bz2)= d9df18fa7c10eeef7242c71b5547c9158a04353a
SHA1(i2p_0_4_1_4.tar.bz2)= f1318930bc5ef1114a3d367a96cb27ada690238e
SHA1(i2pupdate.zip)= 044f2a50d5df9b75f9067f74f6046ab3cf012fb7
SHA1(install.jar)= d6325bd18761824bc2b6bb59855e965ce7ce412f

jrandom | 9 Nov 22:21 2004

weekly status notes [nov 9]


Hey everyone, weekly update time

* Index:
1) 0.4.1.4
2) Streaming lib
3) BT progress
4) addressbook.py
5) ???

* 1) 0.4.1.4

The other day we pushed out a new patch update, and 2/3rds of the
network has upgraded so far - thanks!  Reports have been positive,
including lower CPU usage and fewer failures, alongside lower memory
usage.  The network as a whole has grown a bit, staying consistently
in the upper 70s/low 80s as well, which is a good healthy number for
the time being.

* 2) Streaming lib

Let's see if I can say the same thing three weeks in a row... Lots of
progress, more details when they're available :)

* 3) BT progress

The BitTorrent port has been making leaps and bounds as of late - the
other day I installed it and was able to do a swarming transfer
between multiple peers entirely through I2P!  Perhaps duck can give
us an update during the meeting?

duck | 15 Nov 00:11 2004

Network Health

You might have noticed that the last couple of days the health of
the I2P network has been very bad. It is impossible to connect to
the IRC server and also other services are failing often.

This behaviour is caused by the I2P tunnels not dealing well with the
traffic: instead of quickly dropping excessive connections, it
tries to serve them all; which results in a nasty traffic jam. The
increased network traffic caused by the torrents is likely the
cause for this behaviour showing up early.
</duck's attempt to summarize the problem>

As we know, jrandom is working on the new streaming library, which
will fix this problem. Repairing the current design is not easy;
I think it will be a waste of time with the new lib near.

duck, over & out.