From: John Goerzen <jgoerzen@complete•org>
To: Sergey Matveev <stargrave@stargrave•org>
Subject: Re: Some questions about areas
Date: Tue, 17 Aug 2021 16:04:30 -0500
Message-ID: <>
In-Reply-To: <>

On Tue, Aug 17 2021, Sergey Matveev wrote:

>>2) I'm a little unclear on the difference between having a machine that
>>lacks the keypair and one that lacks the area entirely.
> The one that lacks the area entirely can not do with the packet anything
> at all. It just can tell that "I see some area packet, and won't/can't
> do anything with it". If you add area knowledge (its area id), then you
> can at least create copies of the encrypted area packet to everyone in
> "subs". You can relay it, that is treated like successful processing.
> Adding keypair gives ability to decrypt that area packet for storing the
> file/exec transmissions.
> No keypair -> you can still relay packets.
> No area knowledge at all -> you can only drop those packets.
> No "via" and routing plays any special role in multicast areas.

OK, I think I have it.  Let's say you have a machine A, that 
connects to only machine B.  Machine B connects to C, D, and E. 
Like this:

A <-> B <-> [C, D, E]

If there was an area with all of these members, but B not trusted 
to decode, and a packet originating from A, there would be two 
ways to handle it:

1) In A's subs, it's only B.  In B's subs, it's A, C, D, E.  B 
lacks the keys for the area but has the area definition.  When the 
packet originates at A, it is sent only to B, which then explodes 
it to C, D, and E.  C, D, and E would all have just B in their 
subs, which would cause them to not relay the packet any further, 
since they got it from B.

2) Or, B could not know about the area at all.  Every node except 
B would have "via B" on every other node.  The subs on A would be 
C, D, and E.  When creating a packet on A, it would explode it out 
itself, queueing three messages for B: one each for C, D, and E. 
Then, over on, say C, it would receive the packet, and queue up 
what turn out to be duplicates for D and E, routing them via B. 
They'd be ignored on D and E, since they would have already seen 
the original message from A.  The same would happen with nodes D 
and E, creating 6 duplicate packets.

Have I got that right?

So, for a setup like this, it is most efficient to have the 
"untrusted" relay node B be part of the area, but lack the keys.

- John
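
The two configurations from this message, as an added simulation that is not part of the original thread and not the project's code. It assumes a simplified relay rule drawn from the description above (a node copies an unseen area packet to every entry in its subs except the node it came from, and drops a packet it has already seen); `flood`, its parameters, the link count and the subs of C, D and E in option 2 are assumptions.

```python
from collections import deque

# Constructed from the message: B is the only link between A and C, D, E.
KEYHOLDERS = {"A", "C", "D", "E"}   # B is never given the area keypair
# Option 1: B knows the area (without keys) and fans the packet out.
OPTION_1 = {"A": ["B"], "B": ["A", "C", "D", "E"],
            "C": ["B"], "D": ["B"], "E": ["B"]}
# Option 2: B has no area knowledge; every other node lists the rest
# (assumed symmetric) and reaches them "via B".
OPTION_2 = {"A": ["C", "D", "E"], "C": ["A", "D", "E"],
            "D": ["A", "C", "E"], "E": ["A", "C", "D"]}

def flood(subs, keyholders, origin, via=None):
    """Flood one area packet from origin and tally what it costs.

    subs:       node -> subscribers it copies area packets to
    keyholders: nodes able to decrypt the area packet
    via:        transit node with no area knowledge that carries all
                traffic between the other nodes, or None
    """
    seen = {origin}                  # nodes that already processed it
    decrypted = set()                # receivers that could read it
    links = duplicates = 0
    queue = deque((origin, dst) for dst in subs[origin])
    while queue:
        src, dst = queue.popleft()
        # A copy routed through the transit node crosses two links.
        links += 2 if via not in (None, src, dst) else 1
        if dst in seen:
            duplicates += 1          # already seen: dropped, not relayed
            continue
        seen.add(dst)
        if dst in keyholders:
            decrypted.add(dst)
        # Relay to every subscriber except the node it came from.
        queue.extend((dst, nxt) for nxt in subs[dst] if nxt != src)
    return {"links": links, "duplicates": duplicates,
            "decrypted": sorted(decrypted)}

def compare():
    """Return the tallies for option 1 and option 2, in that order."""
    return (flood(OPTION_1, KEYHOLDERS, "A"),
            flood(OPTION_2, KEYHOLDERS, "A", via="B"))

if __name__ == "__main__":
    for name, result in zip(("option 1", "option 2"), compare()):
        print(name, result)
```

In both options B never appears in `decrypted`; the difference is only in how many copies cross the links to and from B.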
