Menu
▾
▴
Re: [Grapevine-devel] Re: Grapevine commentary
|
From: Anthony J. <aj...@cl...> - 2003-10-31 08:28:11
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 31 October 2003 16:13, Stephen Blackheath wrote: > Thanks for all that. How can the client check the signature? What > prevents the node with the root file from lying, since this information > can't be protected by a CHK? The client can decide whether or not to believe the signature. The signature must be from a node in the area at or near where the root file is located. A client should require a certain number of signatures from that area before it will actually believe them and not try to find the file for itself. > Another idea I had was this: Let's say the file contains 100 blocks. You > do a random sample to see what proportion of those blocks can be fetched > (without downloading - it would be good find a way to cryptographically > prevent cancer nodes lying). A statistical analysis will give you a > reasonably accurate indication of the probability of retrieving the entire > file, with only a small sample. That idea works. It certainly had the advantage of simplicity. > Your plan has an efficiency advantage, though the signing would consume CPU > time. The idea I just mentioned has the advantage of simplicity - a very > important thing to me at the moment. The signing only happens when the node discovers that a file is broken. After that the "this is broken" marking can gain or loose signatures. I can see this starting to get complicated. I think I'm starting to prefer your idea. Anthony -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/oh0Pd+IOCdhCut8RArmeAJ9eaphZJLhk1vu7d6qspsAIQ3K6ZQCeLmhv h4Gx5ENTvetRJoNUbe8MNHI= =Cm/6 -----END PGP SIGNATURE----- |
