public inbox for nncp-devel@lists.cypherpunks.ru
From: Sergey Matveev <stargrave@stargrave•org>
To: nncp-devel@lists.cypherpunks.ru
Subject: Re: Areas authorization
Date: Sun, 8 Aug 2021 11:52:17 +0300
Message-ID: <YQ+bQXzooXRHvAHt@stargrave.org>
In-Reply-To: <87sfzluffz.fsf@complete.org>

*** John Goerzen [2021-08-07 16:12]:
>I am wanting to set up an area where only one node is authorized to create
>packets bound for it

Here are some quick thoughts, just brainstorming, currently not taking
it seriously: what can a node do with an incoming area packet? It only has
knowledge of the area id, the sender id, and probably its signature verification.

* delete it
* relay it, then delete (no area's private key)
* relay and accept for local delivery, without signature check (unknown sender)
* relay and accept for local delivery, with verified signature
* relay and deny for local delivery (untrusted sender)

I thought that all the logic could be moved to a separate executable script
(shell, Perl, whatever the user wishes), that would be executed with (for
example, just brainstorming) three arguments: area id, sender id,
is signature valid. (I think that if the sender is known, but has an invalid
signature, its packet can be dropped immediately.) And that utility
would return the "decision". Something like:

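    #!/bin/sh
    # Decision hook sketch: called with area id and sender id, the exit
    # code is the decision. hash-of-nncp-neigh and CODE-TO-* are placeholders.
    AREA=$1
    SENDER=$2
    [ "$SENDER" = "$(hash-of-nncp-neigh alice)" ] && exit CODE-TO-ACCEPT
    [ "$SENDER" = "$(hash-of-nncp-neigh bob)" ] && exit CODE-TO-RELAY-ONLY
    [ "$SENDER" = "unknown" ] && exit CODE-TO-DENY-COMPLETELY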

But there are not so many actions possible, so I tend to think this is
an unnecessary complication and just several lists can be kept inside
NNCP's configuration. "deny/allow-relay: [...]", "deny/allow-process:
[...]", and so on.

FidoNet did not have moderation like Internet mailing lists, where your mail
was kept on the mailing list server until the moderator decided what to do with it.
FidoNet's moderator warned and asked nodes to look after their points'
behaviour. No one can really completely forbid all messages from spreading.
Usenet, as I understood, had the same issue: everyone can spread his
messages and if someone wants to blind them, he just sets up his own
personal "killfile". Moderated Usenet newsgroups have a centralized point
of moderation, so it is not floodfill multicasting.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF
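
The decision logic brainstormed in the message above, as an added example that is not part of the original message and not an NNCP interface. The list names, the "area:sender" entry format, the decision strings and the node ids (ALICE-ID, BOB-ID) are all assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical per-area policy; entries are "area:sender" pairs (constructed).
ALLOW_PROCESS="news:ALICE-ID"              # may be delivered locally
ALLOW_RELAY="news:ALICE-ID news:BOB-ID"    # may be passed on to other nodes

# in_list KEY LIST: succeed if KEY is one of the space-separated entries.
in_list() {
    for entry in $2; do
        [ "$entry" = "$1" ] && return 0
    done
    return 1
}

# decide AREA SENDER SIGSTATE: print delete, relay-only or relay-and-process.
# SIGSTATE is valid, invalid, or unknown (sender key not available to verify).
decide() {
    area=$1 sender=$2 sig=$3
    # A known sender with an invalid signature is dropped immediately.
    if [ "$sig" = "invalid" ]; then echo delete; return; fi
    key="$area:$sender"
    # Local delivery requires a listed sender AND a verified signature.
    if [ "$sig" = "valid" ] && in_list "$key" "$ALLOW_PROCESS"; then
        echo relay-and-process; return
    fi
    # Relaying is allowed for listed senders even when unverified.
    if in_list "$key" "$ALLOW_RELAY"; then echo relay-only; return; fi
    # Default deny: unlisted senders and unlisted areas.
    echo delete
}

# Constructed sample packets: area, sender, signature state.
while read -r a s v; do
    printf '%s %s %s -> %s\n' "$a" "$s" "$v" "$(decide "$a" "$s" "$v")"
done <<EOF
news ALICE-ID valid
news ALICE-ID unknown
news BOB-ID valid
news ALICE-ID invalid
news unknown unknown
EOF
```

With a single entry in ALLOW_PROCESS this gives the case asked about in the quoted question: only one node's verified packets are accepted for local delivery in that area.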
