Re: [GNUnet-developers] Reverse resolution of VPN/GNS


From: Martin Schanzenbach
Subject: Re: [GNUnet-developers] Reverse resolution of VPN/GNS
Date: Sat, 05 Nov 2016 13:02:30 +0100

On Fri, 2016-11-04 at 19:02 +0100, Christian Grothoff wrote:
> On 11/04/2016 06:46 PM, Martin Schanzenbach wrote:
> > > > This summer I reported https://gnunet.org/bugs/view.php?id=4625
> > > >
> > > > > > For many kinds of applications we need to authenticate incoming
> > > > > > connections as coming from a certain person or at least from a
> > > > > > certain peer. The exit daemon is currently not providing a way to
> > > > > > find out who is calling. Resolving the virtual IP number would be
> > > > > > the most backward compatible method. Best if it resolves to the
> > > > > > same "hostname" as the matching outgoing <nickname>.gnu, or even
> > > > > > uses the same virtual IP as an outgoing VPN tunnel would use.
> > > >
> > Yes, this is what reverse resolution is for. The only thing you can
> > know about the "caller" is his peerid/identity, at best.
> > Now, the question is how you find a path from _your_ identities to that
> > peer. The other way around is not necessarily useful.
> 
> We need to distinguish:
> 
> * reverse resolution of a (VPN) IP address to GNS name
> * reverse resolution of GNS Zone key to GNS name
> 
> You are both confusing / confounding the two.  In my view, they are
> likely to require very different methods to tackle.
> 

Hmm, can you explain why you think that? I think what he tried to say is
that basically GNS delegations are not needed in the secushare design
as rendezvous/places are used for introductions leading to <x>.gnu
names anyway. alice.bob.gnu is not a valid use-case then.
After introduction you would end up with myalice.gnu anyway. As such
translating k.zkey back to alice.bob.gnu is not reasonable either
because it would directly translate to myalice.gnu.
In fact, being able to link alice.bob.gnu across multiple paths (in the
social graph) might be unwanted and lead to deanonymization.

I think I know where it is going. But I do not find it particularly
practical.

@lynX: Btw. in response to the other mail: the one arguing
ideologically here is you, not me. You think that reverse lookups are
not useful _in your design_ and in your _"better" world_ of secushare.
So whenever you say reverse resolution is wrong or it has no use case
you always have to say "for secushare". This is what irritated me as
well.

BR
Martin
