On Mon, Jun 10, 2013 at 4:10 PM, George Kadianakis desnacked@riseup.net wrote:
FWIW, it seems that the I2P folks took a similar approach: http://www.i2p2.de/naming.html http://www.i2p2.de/hosts.txt
Unfortunately, I don't know how well that system has worked for them so far. It seems that their threat model doesn't include the adversary who hacks and alters the i2p2.i2p website or an evil operator of that site (although I guess that such an entity could also backdoor i2p anyway).
hosts.txt is not automatically fetched — it is bundled with I2P package, and can be extended manually by the user via several “redirect” services that are automatically used for a name that's not in hosts.txt. E.g., when hiddenchan.i2p is put into browser URL, the local I2P proxy, seeing that the domain is unknown, redirects to one of the services (located in .i2p namespace), resulting in an offer to confirm the eepSite public key (which is shown) to be added to hosts.txt (or just the current session).
-- Maxim Kammerer Liberté Linux: http://dee.su/liberte