
Comments (7)

mwarning commented on June 5, 2024

KadNode doesn't do verification.
If you have an ip address, you can write your own verification system.
What KadNode could do better is to help you to integrate your verification mechanism.
Depending on your security, you could simply run a webserver that offers a specific file
that you try to get using wget. If the file matches your copy, then it is probably your node.

from kadnode.

mwarning commented on June 5, 2024

I was thinking about how it can be made easier to hook up some verification or feedback system for the DNS interfaces so that it filters out 'wrong' IP addresses. That's a tricky one :)

from kadnode.

vkefallinos commented on June 5, 2024

I think using the Kademlia RPC to store values there could be some kind of handshake.
Let's say I look up node couch.p2p and this gives me 2 IP addresses. So I must identify one of the two as the true one. I know a secret that only the true couch.p2p knows. The couch.p2p rehashes my id based on that key and announces a new node id directly to me. That way I can know who is the true node. Is that feasible?

from kadnode.

mwarning commented on June 5, 2024

From a security standpoint there are some flaws (replay attack etc.), but it really depends on how secure and what type of security you want. BitTorrent for example doesn't need what you like to have. DNS in KadNode is meant as an interface. But I think it is important to enable users to add guarantees like traditional DNS.
The best way to achieve your goal is to implement it outside of KadNode. That wouldn't pin down KadNode to a specific application need and security system.

Kademlia allows sending additional information in its message format, but the IP addresses
are likely to come from nodes that are not running KadNode. They won't store and forward additional information.
So this is not feasible using the Kademlia protocol. It has to be done outside of the protocol.

Back to possible solutions. Since DNS does allow only one IP address to be transferred (at least we only want one for the typical DNS usage), we need to filter/validate the IP addresses. That could be done by using a script that is called with an IP address and does the verification. The address is passed to the DNS interface when it passes the script.

Only problem is that calling a script is a nightmare to code. I hope there is a nicer solution. :)

from kadnode.
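The filter-script idea from the comment above, as an added example (not part of the thread and not KadNode code): each candidate address must answer a fresh nonce with an HMAC over a shared secret, so an answer recorded from an earlier exchange fails, which is the replay flaw mentioned. The transport is modelled as one callable per address; the function names, addresses and secret are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def respond(secret: bytes, nonce: bytes) -> bytes:
    """What a genuine node returns: HMAC-SHA256 over the verifier's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def verify_candidate(ask, secret: bytes) -> bool:
    """Challenge one candidate; ask(nonce) is a hypothetical transport hook."""
    nonce = secrets.token_bytes(32)  # fresh per attempt, old answers are useless
    try:
        answer = ask(nonce)
    except OSError:  # unreachable or refused connection: treat as unverified
        return False
    expected = respond(secret, nonce)
    return isinstance(answer, bytes) and hmac.compare_digest(answer, expected)


def filter_addresses(candidates: dict, secret: bytes) -> list:
    """Keep only the addresses whose peer proved knowledge of the secret."""
    return [ip for ip, ask in candidates.items() if verify_candidate(ask, secret)]


# --- constructed sample data (documentation address ranges) ---
SECRET = b"constructed-shared-secret"
_RECORDED = respond(SECRET, b"\x00" * 32)  # answer captured from an old exchange


def genuine(nonce):
    return respond(SECRET, nonce)


def replayer(nonce):
    return _RECORDED  # replays the old answer regardless of the new nonce


def wrong_secret(nonce):
    return respond(b"guess", nonce)


def unreachable(nonce):
    raise ConnectionRefusedError("no listener")


CANDIDATES = {"192.0.2.10": genuine, "198.51.100.7": replayer,
              "203.0.113.5": wrong_secret, "192.0.2.99": unreachable}

if __name__ == "__main__":
    print(filter_addresses(CANDIDATES, SECRET))
```
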

vkefallinos commented on June 5, 2024

You could add an announce command that hashes the .p2p based on a secret?
something like "kadnode-ctl secret-announce couch.p2p secretcode".
It would be a bit safer.
The thing I am trying to avoid is the need to open ports on the clients.
I am using n2n (p2p VPN) that only needs one supernode to have open ports on their modem.
For a script to run like wget it means the user has to open ports so it can be contacted.

from kadnode.

mwarning commented on June 5, 2024

Hashing based on a secret is possible. It was implemented at one point.
But what it did was to append the secret to the value before hashing.
That is instead of foo.p2p, foo.mysecret.p2p was hashed. When you call KadNode
using another program/script then it is trivial to append it outside of KadNode.
I saw very little to be gained from this feature so far and removed it.

from kadnode.

mwarning commented on June 5, 2024

Since we get the address information not from the node itself, but other nodes, what you ask is not possible. But there are workarounds outside of KadNode. KadNode may need a way to help users to do verification when using the DNS interface. But that should be the topic of a new issue. :-)

from kadnode.
