[cryptography] Potential funding for crypto-related projects

danimoth danimoth at cryptolab.net
Thu Jul 4 12:15:32 EDT 2013


On 04/07/13 at 04:28pm, Michael Rogers wrote:
> I think the point is that i2p's decision to use a decentralised
> directory service led to the vulnerabilities described in the paper.

Uhm, I don't consider it a matter of centralization vs decentralization.
I think the point is how I2P select peers to communicate with; attacker
DoS'd previous high-performance peers, then replace them with nodes
under its control, and then do measurements to estimate the victim
identity. In the section 5 authors confirm that Tor shares with I2P
a number of vulnerabilities (for example, repeated measurements could be made
on hidden services). I consider myself a bit stupid, so I could be wrong.

> You can't separate principles from their practical effects. I agree
> with you that i2p's principles are great, but that shouldn't stop us
> from discussing their practical effects (including the bad ones).
> I don't like the idea that respect == not talking about problems. How
> are problems with i2p and Tor supposed to get fixed if we don't
> discuss them?
> 
> As for personal choice - yes, it's a matter of personal choice whether
> you prefer i2p's goals or Tor's goals. But whether those systems
> achieve their goals is not a matter of personal choice - it's a matter
> of objective fact that should be settled by examining the evidence.
>

I completely agree with you, I only disliked the "I2P is flawed, don't
use it but instead use Tor which is safe" tone used, as we all know that
no existing methods or systems are bug-free.


More information about the cryptography mailing list