From Baby Zebra, 11 Years ago, written in Plain Text.
  1. After some amusing discourse with the folks on i2p's IRC, I've come to the realization that there are a large number of misconceptions about cjdns, and its suitability for a particular purpose. This post will center around two lists, one of things that cjdns does not do, and probably won't ever do, the other of things cjdns does that are of interest because other solutions don't do them, or have chosen other solutions to the same problem.
  2. Without further ado, here are the have-nots:
  3. Anonymity. This is a big ticket item, and the most common misconception I've heard complained about. Cjdns is not Tor, i2p, Freenet, or any of their friends. As a side effect, cjdns happens not to reveal your IP address (other than your cjdns address) directly to the users or the providers of a service. This is not anonymity, and treating it as such can only hurt you. Your node is identifiable based on the path taken to it, which is clearly visible to anyone along the path. If you are looking for an anonymous real-time darknet, i2p fits the bill, as does the use of Tor's .onion domains.
  4. Name service. While we may some fine day have this, we don't have it now. We do have services like HypeDNS that allow you the use of a nameserver overlay, which means you can publish a name; however, that's very much a hack. This is an important item, as cjdns' man-in-the-middle protection relies on you being able to check a public key against an address, and if the address can be replaced with another (by man-in-the-middling your name service), then your whole session can be intercepted. In i2p this is handled with what basically amounts to a hosts file for the .i2p domain space, and all of the major darknet, meshing, and peer-to-peer systems have worked on mechanisms for resolving names for some time. Namecoin is a currently functioning service, though not very popular at the moment.
  5. Persistence. When your cjdns instance is offline, any services or sites you host are offline. This is mostly in comparison with Freenet, and not a misconception I've seen in action yet, but I feel it's important to mention. Cjdns routes packets, it does not host sites of any kind without you running some server software behind it. If you're looking for that sort of thing, the answer is Freenet.
  6. A gateway. Cjdns will not under any condition take you out to the internet. It can route you to a proxy, or to a gateway host, but it's up to the user's software to tunnel their outbound traffic, and non-cjdns packets will be dropped by cjdroute unconditionally. If you want to surf the open web anonymously, you're looking for Tor.
  7. With that being said, here are a few unique (and not so unique) things it does have:
  8. No central authority. Cjdns addresses are not allocated or pooled, they are directly generated from a cryptographic key with no confirmation from the network. The design allows for anycast to work simply by two nodes sharing the same public key, and there is no central server, nor in fact any software needed to run the entire network except for the same daemon all the peers run.
  9. Actual IP addresses, real TCP/IP. Cjdns does route IPv6 packets as part of its basic function, and cjdns addresses are IPv6 addresses in the yet-unallocated IPv6 private space fc00::/8, and services are hosted using a normal network stack, without the use of proxies or gateways.
  10. Non-homogeny. Cjdns is designed to work on mixed networks with very flexible operational parameters. Cjdns effectively provides its own link-layer protocol, which is currently mostly tunneled using UDP; however, with few design changes it could work directly on Ethernet or on 802.11.
  11. End-to-end encryption. This is very important to any system, and just like i2p or Tor .onion services, cjdns encrypts every single packet.
  12. Point-to-point encryption. This is less critical, but more important for using cjdns in an unfriendly environment. Packets between two hosts, after the cryptographic session is established between them, look like random noise, with no identifying pattern other than the UDP port the traffic is sent on.
  13. End-to-end signatures and node identity confirmation. This is somewhat special, as it's more closely related to IPsec than to a darknet. This and the lack of anonymity are mostly what set cjdns aside and make it totally unsuited to building a darknet. Any node sending an IP packet or route advertisement of any kind will sign it, verifying that it was the sender, forward and back, no matter the carried protocol. If you have the correct cjdns address for a host, it is not possible to inject packets into the stream, as each end will simply see a bad signature, and drop the injected packets.
  14. Some points are also relevant to discussion, but not very valid. Some examples:
  15. <other software> uses Java!
  16. Yes, yes it does. And? Java, like any language, can be done well, or done poorly. This is not an argument against either i2p or freenet.
  17. <software> is so much better than <other software>!
  18. Facts, please? For the most part, the software packages available to us now could actually complement each other: simple VPN software, cjdns, i2p, Tor, and Freenet could all live in harmony on the same machine, doing cool stuff like adding some cjdns peers over i2p.
  19. TL;DR: cjdns is not tor, i2p is not a wireless meshnet, tor is not a darknet, and freenet doesn't route.
  20.  
  21. http://www.reddit.com/r/darknetplan/comments/z61j4/concepts_and_misconceptions_an_adventure_in/
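
Added example (not part of the original post or of the cjdns code base): the public-key-against-address check that the "Name service" and "No central authority" points rely on. It uses cjdns's derivation rule, which the post does not spell out: the address is the first 16 bytes of SHA-512(SHA-512(public key)) and must fall in fc00::/8. The keys are constructed 32-byte stand-ins rather than real Curve25519 keys, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress

# cjdns addresses live in fc00::/8 (the range named in the post).
CJDNS_NET = ipaddress.IPv6Network("fc00::/8")

def cjdns_address(public_key: bytes) -> ipaddress.IPv6Address:
    """First 16 bytes of SHA-512(SHA-512(public_key)), read as an IPv6 address."""
    if len(public_key) != 32:
        raise ValueError("expected a 32-byte public key")
    inner = hashlib.sha512(public_key).digest()
    return ipaddress.IPv6Address(hashlib.sha512(inner).digest()[:16])

def key_matches_address(public_key: bytes, claimed: str) -> bool:
    """True only if the key derives exactly the claimed fc00::/8 address."""
    try:
        derived = cjdns_address(public_key)
        wanted = ipaddress.IPv6Address(claimed)
    except ValueError:  # wrong key length or unparsable address
        return False
    if derived not in CJDNS_NET:
        return False
    return hmac.compare_digest(derived.packed, wanted.packed)

def constructed_key(label: str) -> bytes:
    """Constructed stand-in key: search until the derived address is in fc00::/8."""
    counter = 0
    while True:
        candidate = hashlib.sha256(f"{label}-{counter}".encode()).digest()
        if cjdns_address(candidate) in CJDNS_NET:
            return candidate
        counter += 1

def demo() -> dict:
    service_key = constructed_key("service")
    trusted_addr = str(cjdns_address(service_key))  # address learned out of band
    swapped_key = constructed_key("interceptor")    # key returned by a tampered lookup
    return {
        "address": trusted_addr,
        "genuine": key_matches_address(service_key, trusted_addr),
        "swapped": key_matches_address(swapped_key, trusted_addr),
    }

if __name__ == "__main__":
    print(demo())
```

The check only helps when the address itself came from a trusted source; if a name service can substitute the address, the substituted key will match the substituted address, which is the weakness the "Name service" point describes.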
