#saltr (irc2p) | I2P+ 2.7.0-10+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

uop23ip "N" routers, lol

dr|z3d yeah, they seem to be over-represented right now, orignal

darius im sure a mathematician would enjoy reading that cryptography page more, i'm no crypto expert unfortunately but i gather from that page that the form of encryption used for b32 destination addresses is "RedDSA-SHA512-Ed25519 (as of release 0.9.39)". The quote "Signature type is encoded in the Destination and Router Identity, so that new signature algorithms or curves may be added at any time" is about i2p

darius options in the future, not about webmaster options, i'm just trying to understand how the "Additional address for foo.i2p" can be dropped in securely (authenticated).

darius It sounds like i can have one tunnel open up multiple possible b32 LeaseSets to different "homes" where my site might be multi-homed at, but how to add those b32, when i maybe just have the one currently? Maybe name registries have instructions so i'll look there, but for now i must go, do leave msgs if you know, the trick may lay in using openssl commands

dr|z3d don't worry about it, darius, unless you have a website with a hostname created several years ago, you don't need dual addresses.

darius i'm interested from a protocol understanding perpective, also for multi-homing with friends, running untrustable malware like windows

darius i dont want them to be using a master key

dr|z3d you can create an "offline" key with a fixed expiry date. don't ask me how, it's black box tech.

darius ok cool, and they can conceivably be given out by the name registries as "Additional address for foo.i2p" or is that only for entirely new forms of cryptography and do I have to configure my server tunnel to do whatever multi-homing magic? if its about entirely new formats of crypto, out of interest in cyphersecurity, are those new keys signed in any way by the old key in a way that is accessed by every router

darius themself, or is there a process that people went through just to appease the registries, and the registries could just staple on whatever new format key they want they just chose to be good and give the real keys? Sorry if this sounds academic but i really am interested in the process.

darius "**assessed** by every router"

dr|z3d at the simplest level, you'd share your private key, let's say for same of argument to more than one router you're running.

dr|z3d you'd then copy that key to .i2p/ and then point to the key in the tunnel definition.

dr|z3d then, on each multi-homed instance, you'd tick the box in the tunnel config that says "optimize for multi-homed".

dr|z3d the tunnels on the various routers should now share the same address/b32. make sure your hostname is the same for all.

darius thanks, so thats the "simplest" (implies existence of "complex" :D

orignal uop23ip good point )))

orignal dr|z3d do you it's worse to exclude them from client tunnels?

orignal *worth

dr|z3d orignal: I'm pretty sure we exclude them by default in +, KLMN don't get used iirc.

orignal zzz, can you confirm?

dr|z3d that way, for any given client tunnel, the min bandwidth is ~130KB/s

dr|z3d it's a + thing, canon doesn't exclude O.

orignal I pick them because they are considered as "high bandwith"

orignal accroding to I2P specs

dr|z3d 66-130KB/s I'd say is very mid-tier, bordering on slow.

orignal basically what happens

dr|z3d when ADSL was all the rage, maybe they were considered high bandwidth.

orignal they become overloaded quickly )))

orignal with today's streming implemntation

dr|z3d well, exclude them from your client tunnels then, that's what we do in +

dr|z3d if you want to get fancier, have a sliding scale for exclusion.

orignal whouldn't it produce too much overload to O,P and X routers?

dr|z3d doubt it, there are plenty of O,P and X routers out there with b/w to spare.

orignal but where "N" come from?

dr|z3d who knows?

orignal Java-I2P developers should know ))

orignal why users set N

dr|z3d it's probably another attack

dr|z3d you know, one master config deployed all over.

darius re multihoming: as stated i can't give the master private key to an mswindows user, but i really must go feel free to get back to this topic when less busy. re bandwidth: 28kb/s for BEST MOST ULTIMATE LIMIT

RN *** stares quizzically at 28kb/sec ***

darius for fancypants ppl 56kb/s total extreme, mentally dependent limit

orignal *** remebers 9600 B/s ***

dr|z3d you know there's a village in spain where the predominant language is whistling, darius?

dr|z3d if you get good at whistling, maybe you can emulate a modem and go faster.

darius hah.... alas i really wheely must go, i bid adiou

orignal I have US Robotics in my desk ))

orignal for COM port

RN I remember a dialup modem that was 56k

RN darius is bandwidth challenged?

RN yes orignal usrobotix

RN the sounds it used to make

RN ))

RN had one for com port, and one for whatever macintosh used at the time

orignal I have prenty of boxes with com ports

orignal but don't have a phone line ))

dr|z3d seeing a ton of unsolicited DbSearchReply messages round about now. another attack?

orignal most likely

dr|z3d looks like FXR routers

dr|z3d FXR, FPR..

orignal Transit: 460.52 GiB (3265.02 KiB/s)

orignal too much transit

orignal what is "F"

orignal ?

dr|z3d F = f.

dr|z3d floodfill.

orignal I don't see number of floodfills growing

dr|z3d no, not suggesting they are, just suggesting the searchreply msgs are originating from a small cadre of floodfills.

dr|z3d too much transit...

dr|z3d you know what I'm going to tell you, orignal... :)

dr|z3d implement some throttling!

orignal not too much

dr|z3d sooner or later you'll come onboard.

orignal during last attack it was 7-8

orignal 3 is not an issue at all

orignal just more than usual

dr|z3d sure, 3 isn't huge, but what about the diversity of routers using that much b/w?

dr|z3d there are probably 1/2 dozen using most of it?

orignal diversity and inlusion ))

dr|z3d :)

dr|z3d I wasn't trying to trigger you, so behave :)

orignal afaik every i2pd "X" router has transit like this

orignal or you are afraid that i2pd routers is a botnet itself?))

dr|z3d haha, no. not of itself, no, but entirely probable that there are botnets running i2pd.

orignal i2pd routers serve majority of transit traffic

orignal so what's wrong with it?

dr|z3d better that the traffic is spread out all over the network.

orignal do you remeber the situation in 2015?

dr|z3d remind me.

orignal when the network alomost stopped completely

dr|z3d congestion collapse?

orignal because almost every routers returned 30 to TBR

orignal Vuze guys did something wrong

orignal like set low participation rate of so

orignal and all routers got overloaded and returned 20

orignal I literally say 30 for all 3 records

orignal although traffic and number of tunnels were huge

dr|z3d we're bigger now, more resilient, and we generally have better mitigations for shitty routers.

dr|z3d one of the mitigations is TBR throttling :)

orignal because i2pd routers were able to handle this amount of shit

dr|z3d bah, java does just fine, too.

orignal smmetimes I saw 100K+ transit tunnels

orignal yes, because it just rejected most of requests

orignal I don't know how you define "fine"

orignal my point is

orignal that i2pd routers keep accepting and transitting traffic while Java routers just drop it

dr|z3d we try not to accomodate shitty routers.

dr|z3d fine is 40MB/s

dr|z3d if we see a single router sending an unreasonable number of TBRs, sure, we'll decline to route. sane.

dr|z3d let other routers have a go, and pass the traffic around.

orignal But since I remeber what happened in 2015

orignal it's worth to have extra power in the network

dr|z3d who knows, if i2pd did that, maybe the network would be functionally faster.

dr|z3d you could always implement throttling as + does, more or less.

dr|z3d throttle by default, with a boolean config override for anyone who wants to handle everything.

orignal we are back in square one

dr|z3d no, we're at circle 2.

dr|z3d :)

orignal one we have this limits in the specs I will implemnt

dr|z3d zzz: orignal's provoking you to update the specs ^ :)

orignal because I have to explain to guys

orignal why is thsi and what's for

dr|z3d it's easy enough to explain. traffic disytributed over more high bandwidth routers makes the network more responsive.

orignal it's only your personal opinion

orignal and again

orignal why don't you add this to profile

dr|z3d it's pretty obvious. a router handling say 3K tunnels with 100MB/s bandwidth will be more responsive than the same router handling 20K tunnels.

orignal and not build tunnel through same routers too often

orignal it's easy

dr|z3d we don't.

orignal no difference

dr|z3d client tunnels and transit tunnels, different.

orignal if my router handles 20K tunnels with 100Mb bandiwth it means it has rources for it

dr|z3d as I mentioned before, in canon i2p, no single router in more than 30% of client tunnels, 10% in +.

orignal *resources

dr|z3d I'm not suggesting your router can't handle the number of tunnels, that's besides the point.

dr|z3d your router is going to, by definition, be less performant per tunnel than a router handling 3K tunnels. more tunnels is not more better, more tunnels is more lag per tunnel.

orignal what's a difference between handling 100 and 100K tunnels?

orignal as long as you have CPU

RN so by trying to handle everything you slow everything down

orignal slow in what sense?

dr|z3d so let's say you have a cpu with 100K threads. great. no slowdown..

orignal 100% per core? Qeue somewhere?

dr|z3d or rather, not 100K threads, 100K vcores.

orignal same thread

dr|z3d otherwise there's some time slicing involved.

orignal no difference if 100 or 100K tunnels

orignal core usage like 5-10%

orignal lookup per tunnelid is hash

orignal contant time

orignal bandwidth is more resource consuming

dr|z3d well, my theory stands. distributing the traffic to more high bandwidth routers should speed up the network.

dr|z3d I occasionally read about Tor having similar issues.

dr|z3d Too much of the traffic handled by too few nodes.

orignal not our case

orignal plenty of nodes handle a lot

dr|z3d ok, let's switch tack..

dr|z3d what about client tunnels in i2pd, do you limit the percentage of tunnels a single router can be in?

orignal yes we have that option

dr|z3d is it a default?

orignal transit can be 100%

orignal that's default

dr|z3d what do you mean, transit can be 100%? I'm asking about client tunnels and the presence of any given router in client tunnels as a percentage.

dr|z3d so if I have 100 client tunnels, and my limit per router in 10%, then a single router can only feature in max 10 of those client tunnels.

dr|z3d does i2pd implement something like that?

orignal no we don't check it yet

orignal going to do it

dr|z3d ok, that's a good thing to do from a security standpoint. you don't want a single router participating in too many of your own client tunnels.

orignal agree

dr|z3d up to you what percentage you choose, as I mentioned, canon in 30%, + is 10%.

orignal ideally one one occurence

orignal but it depends on your size of netdb

dr|z3d so a single router can only appear once in all your client tunnels?

orignal yes like this

orignal + some random variance

orignal to prevent information leak

orignal I would 1 + variance 1-5

orignal say

dr|z3d up to you. 10% seems to give me what I want, namely no single router occupying too much client tunnel space.

dr|z3d and that's with an exclude KLMNU policy

orignal risky

orignal if you have contant 10%

dr|z3d there is no 10% constant, it's a max 10%.

orignal advesary can guess which tunnels are from the same owner

dr|z3d so if 10% is risky, what about 30%?

dr|z3d because 30% is canon i2p.

orignal doesn't matter

orignal I don't like such contants

orignal set it with variance

orignal 10% + 20% variance

dr|z3d right. you like random. orignal <3 entropy.

orignal yes

orignal I prefer variance

dr|z3d ok, not difficult to adjust.

orignal so and advasry never knows if it's 10% or 30%

dr|z3d 30% too much.

dr|z3d maybe vary between 5 and 10%.

dr|z3d and an adversary has no way of knowing how many client tunnels you have, so that mostly defeats any attempt to work out what percentage of tunnels he's in.

dr|z3d eyedeekay: we got error 500 on git.idk

zzz confirm what?

Irc2PGuest40605 <dr|z3d> "sure, 3 isn't huge, but what about the diversity of routers using that much b/w?" can i just say for the past few days the outproxies i use havn't been working for the meagre things i asked them to do, dunno if its related

Irc2PGuest40605 they dont even connect anymore, canon i2p

Irc2PGuest40605 i got one successful connection in a handful of days

orignal confirm that you don't pick "N" for client tunnels

orignal zzz, people complain about snark

orignal if it can't connect at start it doesn't try to reconnect again after a while

zzz no, not true, we only avoid K/E/G

orignal also for cleint tunnels?

zzz correct

orignal if you build a tunnel through L it doesn't make sense

orignal because in modern internet you expect much more traffic

zzz L routers deserve some love too ))

orignal exploratory tunnels

orignal or low loaded

orignal I'm thinking to instroduce additional param hike "high loded" to pick "P" and "X" only

zzz re: snark, if autostart config is enabled, it should keep trying

orignal how one can enable it?

zzz it's on the configuration page. but I think it defaults to on

dr|z3d the param name wouldn't be high loaded, orignal, that suggests congestion. high bandwidth, perhaps.

dr|z3d or high_bw

dr|z3d re snark, in canon the default may well be "off" for autostart, I think it's "on" in + snark. might be wrong.

zzz DEFAULT_AUTO_START = !ctx.isRouterContext();

dr|z3d there we go, confirmed, thx zzz.

dr|z3d DEFAULT_AUTO_START = true;

dr|z3d we don't care if you're standalone or embedded.

uop23ip Has been thought of a kind owncountryphobic feature? Like no direct connection to peers of own country for transit or no tunnels with a gateway of my own country?

dr|z3d sure, if you're in hidden mode then that happens.

uop23ip but then no transit

dr|z3d correct

uop23ip would this phobic behave have negative impact on the network if transit? Isn't it the same as the router filtering above?

uop23ip short: why isn't there a "no direct connection to own country peers for transit tunnels"?

dr|z3d BAD network -> A2nGir

dr|z3d also, a smattering of routers with future RIs being spotted recently.

not_bob I agree, snark, if it loses connection can be a problem. It should try to reconnect.

darius is there an answer on how upgrade to new crypto for i2p works, does every router need to see the new crypto key signed by the old crypto or do we just trust registrarsat this point?

darius also for multi-homing can i have different keys for different frens

RN that's not what multihoming is darius

RN multi homing is having different computers in different places serving up the same site (resource)

RN what it sounds like you want is the site to be different per user. you need some kind of login, or some kind of nginx magic or such

RN you don't need to do anything for "new crypto" that upgrade hit the network quite a while ago

RN the "new crypto" that was mentioned recently is more about backward compatibility with sites created long ago

RN different keys for differnt friends: not how it works, key is for a destination, you would give friends same dest (b32 or registered url) and the webserver would have the job of handling login/identification and serving different content to each

RN unless your intent is to manage a separate site for each person, then you'd give each a unique destination and run a different site for each user. better to just have them login/identify in some way

darius so for multi-homing what i mean is a few different b32, because simply I cant fully trust the systems of the people who may want to help me host something, so the other servers would have a different b32 but i want them included for the same destination

darius the "new crypto" thing is an almost academic but real curiosity for me because i saw "Additional address for foo.i2p" in the addressbook logs and im wondering on the process for that do

darius did the new crypto get authenticated and checked at every router or was that just a "trust the registries" event?

darius for the multi-homing, i'm thinking of whether there's a way to configure the master server tunnel to say, "u don't just have to use me, try X,Y or Z destinations, for this tunnel too?" i retain masterkey status and the other b32 are just signed by my master b32 key for say, 1 year?

dr|z3d multi-homing = multiple routers hosting a *single* destination. what you want is offline keys with a set expiry date. as mentioned before, a bit of a black box. ask zzz about offline keys.

darius may i ask what makes them 'offline' keys? they need to be online so they can encrypt the traffic with a key and send that info.

dr|z3d shinobi.i2p is your friend.

darius yay more frens :)

zzz this whole convo is a jumbled mess combining 1) multihoming 2) crypto migration 3) offline keys 4) per-user keys 5) addressbook multiple dests 6) addressbook subscription entry signatures and I don't even know what else

zzz are you throwing out ideas and asking if we might support them someday, or are you trying to do something and asking how to

darius i was pretty precise over the past day, during i saw "Additional address for foo.i2p" in the addressbook logs and im wondering on the process for that. Did the new crypto get authenticated and checked at every router or was that just a "trust the registries" type event? Were the new keys signed by the old keys and was that process of authenticating the new keys done by the many regular routers or just beamed

darius down by keyservers.

RN crypto migration is a non-issue. old news and it was done correctly.

zzz answers here i2p-projekt.i2p/spec/subscription

darius cool

RN offline keys would let you give your friends a copy of your /docroot and give you the ability to revoke them being able to serve your site if they turned out not to be a friend

RN I think that is the main thing you've been circling around, throwing in lots of distracting unrelated contributions to the converstation from other confusing your issue

RN it is a complex thing to set up, and zzz is indeed the expert on how to do so.

RN s/other/other people/

RN I really need to deploy it myself and make additional notes

darius the convo started with me asking if registries can just change the b32 a person has in their router and it was explained to me that that is not possible, the system would just log errors for that. i was curious to see if there were any such errors in the log and there wern't any only those "Additional address for foo.i2p" entries. :) things in the works but gotta be slow and methodical about it

RN that has been explained, it is because old sites and is not a matter for concern

darius yes yes i know and have reading to do, jus explaining how convo evolved

RN if one of our long trusted registrars were to tamper it would be noticed and people would stop using that registrar

RN but you keep bringing up stuff that has been answered, and bringing up more issues each time instead of focusing on what you are trying to do

RN I agree your 'converstaional' interactions are quite chaotic and hard for people to keep up with.

darius hang on so, now you are saying something different, you are saying it IS technically possible for a registrar to change a b32? its just that they dont out of fear of reprisal

darius or if they did the error logs would alert ppl

darius is that what u mean?

RN they can not change the b32 your register your url to. If they tampered with the data in an effort to hijack a stie it would be noticed quite obviously.

RN yes it would be in error logs and other hints users would notice. it isn't an issue. sure it is possible a registrar COULD try giving wrong info but it would not happen in secret and there would be news announcments and tweets and such

darius k

RN you are chasing a red herring

RN the registrars are trustworthy and watched closely

RN so, am I correct that your goal is to have friends help you host your site when your computer is off?

darius yes but im trying to get to the crux of it, the failsafe part is that attempts to change the b32 are ignored by the addressbook, yes?

darius ignored and error og

darius *logged*

RN IF a registrar tried to give a modified entry, the user would be presented with a conflict notice when trying to load the site

RN and a log notice

darius Ah, the same as the bung link isse drz3d mentioned yestee

RN so, yes. this issue was well thought out. it is not something likely to happen, and if it did, everyone would know fairly quickly.

RN so can we move on from the paranoia about spoofed data and crypto migration. these issues were handled long ago by people much smarter than you and I

RN registrars have little to do with your site being multihomed.

darius but that error will only appear when someone is trying to access the site. What if the bad address is given during a routine 24 hour download of the addresses in the addressbook, then its only an error in the logs and an ignore?

RN omg

darius i know. This is MY interest in crypto, if its answered on the page i'll go but if not lets talk

RN go look first

RN just let go of it. it isn't gonna happen. and if and only if it did, hypothetically, everyone would know.

RN you don't need to understand quantum electrical fields to operate your toaster.

RN if you want read the docs and specs and code and walk through things step by step, more power to you. but you seem to be getting stuck on things that are non issues.

RN who cares the spin of the electron as long as your bread turns into toast.

RN ;)

RN at this rate, darius won't get a site up until I2P 726-0.5

darius its important because we have that wonderful abstraction that is human-readable.i2p addresses. i'm a protections person i like to have protections for nice things like helmets for my thick skull, like a nicely preened feather to repel cold droplets from a ducks back, and like an ignore function for attemots to change b32s

darius the site isnt working atm i2p-projekt.i2p/spec/subscription

Irc2PGuest70981 darius: human readable i2p addresses are less secure than using base32 addresses

Irc2PGuest70981 honestly they should be eliminated. users should copy and paste base32 addresses from secure sources.

RN there is some truth to that mesh@j6.i2p

RN but adoption

RN and the risk of having a registered site is imho minimal unless you are hosting something really unsavory

RN even then... not tracable to you if you do things right

darius if someone says that attempts to change a b32 are ignored by i2p, if they say that to change a b32 a person needs to intervene by deleting the entries in there address book and then a new b32 will be accepted then that all I care about...i'll run along

RN darius, did you try the reload button at least three times?

Irc2PGuest70981 darius: literally all of your problems go away (and they are real legitimate problems) go away if you ignore human readable addresses and pretend they don't exist

Irc2PGuest70981 darius: you have literally no idea what the various i2p router implementations may or may not do when it comes to the "registrars" and the naming system

RN mesh I think your perspective is overly paranoid. but to each their own.

RN darius, i2p-projekt.i2p/spec/subscription loads fine for me. did you try at least three times?

Irc2PGuest70981 as I've said before, what you should do, and what I do, is pretend human readable addresses don't exist. if users want to access any of my sites they need to obtain a xml file (cryptographically signed by me) that says these b32 addresses are for X, Y, Z

darius i did try 5 times :) ok so can i suggest a IIP (i2p improvement proposal): ignore attempts to change a b32 OR log them and give the message that I proposed yesterday

Irc2PGuest70981 then they copy and paste b32 addresses directly into the browser

RN that works fine if you want to curate your user base.

Irc2PGuest70981 one of these days I'll probably write my own i2p proxy server that makes everything nice and easy

RN let us know when you do mesh@j6.i2p

RN ;)

Irc2PGuest70981 darius: there is no solution btw

RN if you want to put a site out there for all to access, a url is much better than a b32

Irc2PGuest70981 darius: even if you somehow manage to convince them to change the java router implementation there are other router implementations out there

Irc2PGuest70981 darius: you cannot rely on routers to do the right thing. there are lots of malicious i2p routers out there doing bad things. see also: the last 2 years

darius "Maybe on dashboard, a single sentence "Since X (earliest date), N b32 i2p addresses have changed. Click to be informed of changes."

Irc2PGuest70981 if you're worried about naming authorities silently changing the name->b32 mapping the only solution is to avoid naming authorities and do your own naming

RN already covered that mesh

RN you are just confusing them more

RN darius, i2p-projekt.i2p/spec/subscription loads fine for me. did you try at least three times?

Irc2PGuest70981 btw silently changing your b32 address isn't the worst case scenario. you cannot rely on i2p itself as a identity mechanism as a general rule

RN I disagree with that. you absolutely can. and any mal-acting registrar would be outed quite quickly.

darius i did try several times RN. If a change of b32 happens so rarely, just list the errors verbatim from the address book logs in the dashboard.

Irc2PGuest70981 and you should, in the event of a dos attack or other more subtle de-anonymization techniques, be prepared to throw away all your existing b32 addresses and change to new ones

Irc2PGuest70981 RN: well you can if you're an idiot

Irc2PGuest70981 but i2p is a routing protocol

RN if you loaded i2peek-a-boo.i2p ten years ago, and load it today you are cryptgrahically assured it is still my site.

Irc2PGuest70981 using it for identity is an absolute mistake. I speak from experience

RN the private keys are the identity

Irc2PGuest70981 private keys are more like name tags

RN as long as you don't leak those you are fine

Irc2PGuest70981 RN: not if I dos your b32, then you're sol until you change to a new one

Irc2PGuest70981 and there are worse things

Irc2PGuest70981 in the real world there's a thing called key rotation

RN if you can dos my b32. good luck with multihome.

Irc2PGuest70981 hehe multihome won't save you. postman is multihomed up the wazoo and still falls over

Irc2PGuest70981 but my general point is that there's a reason why people rotate keys

Irc2PGuest70981 the i2p naming system could be changed to work correctly, but it would involve much more than darius' proposal

RN comes down to your threat model and personal paranoia quotient

Irc2PGuest70981 you'd want people to be able to attest to a naming authority that they are providing service X at b32 and this attestation itself would be secure and relayed to clients

RN more bikeshedding

Irc2PGuest70981 RN: btw it's not about a "malicious naming authority". even if you trust the naming authorities (and you have to if you want human readable names) at any second a naming authority can be hacked

j6 you could be hacked just as likely

Irc2PGuest70981 that's why you don't trust naming authorities unless they are simply relaying cryptographically signed documents

RN sure, and if hacked and it tried to do something malicious it would be noticed quickly

darius key rotation is fine, but it needs to be done cryptographically attested yes

Irc2PGuest70981 RN: it would likely never be noticed unless somebody actually sat down and tested the mapping themselves

j6 good thing that i2p doesn't have any naming authorities >;P

j6 unless the haxx0r is SPECIFICALLY out for JUST you, it's unlikely they'd be invisible

j6 they'd be changing plenty of records, most likely, and that would be noticeable

Irc2PGuest70981 j6: that's exactly what the hacker is out for dumbass

Irc2PGuest70981 why would they change everything and increase the chance of being discovered

j6 because they have other people to go after?

j6 why are you so very unique?

Irc2PGuest70981 once you own one of the address books you'd keep it real quiet and behave good 99.9% of the time

RN any worthwhile target has users. these users would notice the conflict message

j6 tbf, you might not have such messages on i2pd or other implementations, necessarily

Irc2PGuest70981 yes, that's the only real safety. even if the naming authority is compromised the malicious server still can't identify end users... unless they're doing something stupid like pinning a client Destination to their web browser

RN there's enough java based users that it would be noticed

Irc2PGuest70981 RN: you're making a lot of assumptions

RN also, I bet notbob would notice. he's detected irregularities before that led to bug fixes

RN so are you mesh@j6.i2p

j6 relying on any specific individual to be around forever, is a very poor operational model

darius "these users would notice the conflict message" not unless it appears in some form on the dashboard

j6 lol

RN darius, it appears when trying to load the site in question. please pay attention to things that have been already said.

snex “Everything sucks and I’m a Java expert but no I won’t help fix it”

darius RN> "these users would notice the conflict message" not unless it appears in some form on the dashboard

RN no it appears when loading the site

RN some users don't look at the dashboard or logs often

RN when you try to load a site with a conflicting entry it comes up just like the 'lease set not found - maybe site is offline' message

Irc2PGuest70981 darius: there are no "users" or "dashboard". you keep thinking there's like one i2p router implementation out there that everybody uses and will do what you want. there are many, many, many implementations. i2p is a protocol not an application

j6 that sounds like a misleading error

RN I'm paraphrasing a page you have seen many times j6

j6 I haven't seen it

j6 because I don't use java i2p

j6 lol

RN ah, well that's your loss.

RN ;)

darius <j6> "that sounds like a misleading error" ... they menat LIKE those errors. Do we need a "Pending" address book where conflicting updates go?

RN darius, why are you adding new text after quoting someone? we don't need to quote someone who said something minutes ago, just use their name

RN you must be Russian, they like to quote each other back and forth like that.

j6 also leaving username out of the quotation is weird

j6 makes it sound like I said the entire line

RN exactly

RN that's probably due to their client cut/paste function

RN just immagine how the conversation "sounds" to someone using a screen-reader-tts

Irc2PGuest70981 darius is indeed a Russian agent probing weaknesses of the i2p network under the guise of wanting to run his own site

RN for once I agree meshhy

RN ;)

darius ok Do we need a "Pending" address book where conflicting addressbook updates go? Which would force a decision.

RN no, we don't need it

RN for java based i2p you make a decision when the conflict page appears, for i2pd idunno maybe an error message

RN j6, do you get some error message when you take a helper url and tweak one character (thus intentinally making it wrong just for the sake of testing)

j6 helper url? me no have such luxury ;P

j6 I guess I can try

darius During a routine download of the address book there is no error page. What happens then?

RN it does not download the whole address book each time.

RN the subscriptions provide incremental updates

darius does, every day or whatever the interval is, unless something has changed in the last year

j6 yeah I don't think i2pd does addresshelpers at all

RN and if something conflicted it would probably just be a note in the logs, I THINK it discards it if the url is already in your addressbook

darius confirmation of discard needed

RN let us know if you confirm it in the code before someone who knows speaks up, darius

darius repeating, for j6 who went offline, I just sought confirmation that conflicting addresses that are DLed are discarded

RN I can confirm, if you already have a url+b32/b64 already in your addressbook and get conflicting info from a subscription, the new info is definately discarded.

RN the user ultimately has control over their local addressbook.

RN and actually, the address book has the b64 format not b32.

RN darius, there is your confirmation.

j6 nice voice