cheng/wallet
0
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

shortening names

Browse Source 
Preparatory to creating a proper link browse structure
This commit is contained in:
reaction.la 2022-07-08 17:05:24 +10:00
parent a7e2e65b62
commit 40dc88a37b
No known key found for this signature in database
GPG Key ID: 99914792148C8388
8 changed files with 144 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/index.md
View File

@ -145,4 +145,4 @@ worth, probably several screens.
- [How to do VPNs right](how_to_do_VPNs.html)
- [How to prevent malware](safe_operating_system.html)
- [The cypherpunk program](cypherpunk_program.html)
- [Replacing TCP and UDP](replacing_TCP.html)
- [Replacing TCP and UDP](names/TCP.html)

2
docs/libraries.md
View File

@ -833,7 +833,7 @@ which could receive a packet at any time. I need to look at the
GameNetworkingSockets code and see how it listens on lots and lots of
sockets. If it uses [overlapped IO], then it is golden. Get it up first, and it put inside a service later.
[Overlapped IO]:client_server.html#the-select-problem
[Overlapped IO]:server.html#the-select-problem
{target="_blank"}
The nearest equivalent Rust application gave up on congestion control, having programmed themselves into a blind alley.

2
docs/names/replacing_TCP.md → docs/names/TCP.md
View File

@ -91,7 +91,7 @@ ECN tagged packets are dropped
Raw sockets provide greater control than UDP sockets, and allow you to
do ICMP like things through ICMP.
I also have a discussion on NAT hole punching, [peering through nat](peering_through_nat.html), that
I also have a discussion on NAT hole punching, [peering through nat](nat.html), that
summarizes various people's experience.
To get an initial estimate of the path MTU, connect a datagram socket to

127
docs/names/name_system.md → docs/names/names.md
View File

@ -11,10 +11,10 @@ to its name server, which will henceforth direct people to that wallet. If
the wallet has a network accessible tcp and/or UDP address it directs people
to that address (one port only, protocol negotiation will occur once the
connection is established, rather than protocols being defined by the port
number). If not, will direct them to a UDT4 rendevous server, probably itself.
number). If not, will direct them to a UDT4 rendezvous server, probably itself.
We probably need to support [uTP for the background download of bulk data].
This also supports rendevous routing, though perhaps in a different and
This also supports rendezvous routing, though perhaps in a different and
incompatible way, excessively married to the bittorrent protocol.We might
find it easier to construct our own throttling mechanism in QUIC,
accumulating the round trip time and square of the round trip time excluding
@ -205,6 +205,129 @@ hosting your respectable username that you do not use much.
We also need a state religion that makes pretty lies low status, but that is
another post.
#True Names and TCP
Vernor Vinge [made the point](http://www.amazon.com/True-Names-Opening-Cyberspace-Frontier/dp/0312862075) that true names are an instrument of
government oppression. If the government can associate your true name
with your actions, it can punish you for those actions. If it can find the true
names associated with a transaction, it is a lot easier to tax that transaction.
Recently there have been moves to make your cell phone into a wallet. A
big problem with this is that cell phone cryptography is broken. Another
problem is that cell phones are not necessarily associated with true names,
and as soon as the government hears that they might control money, it
starts insisting that cell phones *are* associated with true names. The phone
companies dont like this, for if money is transferred from true name to
true name, rather than cell phone to cell phone, it will make them a servant
of the banking cartel, and the bankers will suck up all the gravy, but once
people start stealing money through flaws in the encryption, they will be
depressingly grateful that the government can track account holders down
and punish them except, of course, the government probably will not be
much good at doing so.
TCP is all about creating connections.  It creates connections between
network addresses, but network addresses correspond to the way networks
are organized, not the way people are organized, so on top of networks we
have domain names.
TCP therefore establishes a connection *to* a domain name rather than a
mere network address but there is no concept of the connection coming
*from* anywhere humanly meaningful.
Urns are “uniform resource names”, and uris are “uniform resource identifiers” and urls are “uniform resource locators”, and that is what the
web is built out of. 
There are several big problems with urls:
1. They are uniform: Everyone is supposed to agree on one domain
name for one entity, but of course they dont.  There is honest and
reasonable disagreement as to which jim is the “real” jim, because
in truth there is no one real jim, and there is fraud, as in lots of
people pretending to be Paypal or the Bank of America, in order to
steal your money.
2. They are resources: Each refers to only a single interaction, but of
course relationships are built out of many interactions.  There is no
concept of a connection continuing throughout many pages, no
concept of logon.  In building urls on top of TCP, we lost the
concept of a connection.  And because urls are built out of TCP
there is no concept of the content depending on both ends of the
connection that a page at the Bank might be different for Bob than
it is for Carol that it does in reality depend on who is connected is
a kluge that breaks the architecture.
Because security (ssl, https) is constructed below the level of a
connection, because it lacks a concept of connection extending
beyond a single page or a single url, a multitude of insecurities
result. We want https and ssl to secure a connection, but https and
ssl do not know there are such things as logons and connections.
That domain names and hence urls presuppose agreement, agreement
which can never exist, we get cybersquatting and phishing and
suchlike.
That connections and logons exist, but are not explicitly addressed by the
protocol leads to such attacks as cross site scripting and session fixation.
A proposed fix for this problem is yurls, which apply Zookos triangle to
the web: One adds to the domain name a hash of a rule for validating the
public key, making it into Zookos globally unique identifier.  The
nickname (non unique global identifier) is the web page title, and the
petname (locally unique identifier) is the title under which it appears in
your bookmark list, or the link text under which it appears in a web page.
This, however, breaks normal form.  The public key is an attribute of the
domain, while the nickname and petnames are attributes of particular web
pages a breach of normal form related to the loss of the concept of
connection a breach of normal form reflecting the fact that that urls
provide no concept of a logon, a connection, or a user.  
OK, so much for “uniform”.  Instead of uniform identifiers, we should
have zooko identifiers, and zooko identifiers organized in normal form.
But what about “resource”, for “resource” also breaks normal form.
Instead of “resources”, we should have “capabilities”.  A resource
corresponds to a special case of a capability, a resource is a capability
that that resembles a read only file handle. But what exactly are "capabilities”?
People with different concepts about what is best for computer security
tend to disagree passionately and at considerable length about what the
word “capability” means, and will undoubtedly tell me I am a complete
moron for using it in the manner that I intend to use it, but barging ahead anyway:
A “capability” is an object that represents one end of a communication
channel, or information that enables an entity to obtain such a channel, or
the user interface representation of such a channel, or such a potential
channel. The channel enables the possessor of the capability to do stuff to
something, or get something.  Capabilities are usually obtained by being
passed along the communication channel. Capabilities are usually
obtained from capabilities, or inherited by a running instance of a program
when the program is created, or read from storage after originally being
obtained by means of another capability.
This definition leaves out the issue of security to provide security,
capabilities need to be unforgeable or difficult to guess.  Capabilities are
usually defined with the security characteristics central to them, but I am
defining capabilities so that what is central is connections and managing
lots of potential connection.  Sometimes security and limiting access is a
very important part of management, and sometimes it is not.
A file handle could be an example of a capability it is a communication
channel between a process and the file management system.  Suppose we
are focussing on security and access management to files: A file handle
could be used to control and manage permissions if a program that has the
privilege to access certain files could pass an unforgeable file handle to
one of those files to a program that lacks such access, and this is the only
way the less privileged program could get at those files.
Often the server wants to make sure that the client at one end of a
connection is the user it thinks it is, which fits exactly into the usual
definitions of capabilities.  But more often, the server does not care who
the client is, but the client wants to make sure that the server at the other
end of the connection is the server he thinks it is, which, since it is the
client that initiates the connection, does not fit well into many existing
definitions of security by capabilities.
# Mapping between globally unique human readable names and public keys
The blockchain provides a Merkle-patricia dac of human readable names. Each

4
docs/names/peering_through_nat.md → docs/names/nat.md
View File

@ -4,11 +4,11 @@ title: Peering through NAT
...
A library to peer through NAT is a library to replace TCP, the domain
name system, SSL, and email. This is covered at greater length in
[Replacing TCP](replacing_TCP.html)
[Replacing TCP](TCP.html)
# Implementation issues
There is a great [pile of RFCs](./replacing_TCP.html) on issues that arise with using udp and icmp
There is a great [pile of RFCs](TCP.html) on issues that arise with using udp and icmp
to communicate.
## timeout

24
docs/names/client_server.md → docs/names/server.md
View File

@ -1,24 +1,24 @@
---
title: Client Server Data Representation
title: Server Data Representation
...
# related
[Replacing TCP, SSL, DNS, CAs, and TLS](replacing_TCP.html){target="_blank"}
[Replacing TCP, SSL, DNS, CAs, and TLS](TCP.html){target="_blank"}
# clients and hosts, masters and slaves
# clients and hosts, masters and servers
A slave does the same things for a master as a host does for a client.
A server does the same things for a master as a host does for a client.
The difference is how identity is seen by third parties. The slaves identity
is granted by the master, and if the master switches slaves, third parties
The difference is how identity is seen by third parties. The servers identity
is granted by the master, and if the master switches servers, third parties
scarcely notice. It the same identity. The client's identity is granted by the
host, and if the client switches hosts, the client gets a new identity, as for
example a new email address.
If we use [Pake and Opaque](libraries.html#opaque-password-protocol) for client login, then all other functionality of
the server is unchanged, regardless of whether the server is a host or a
slave. It is just that in the client case, changing servers is going to change
server. It is just that in the client case, changing servers is going to change
your public key.
Experience with bitcoin is that a division of responsibilities, as between Wasabi wallet and Bitcoin core, is the way to go - that the peer to peer networking functions belong in another process, possibly running on
@ -31,16 +31,18 @@ desires, and contradictory functions. Ideally one would be in a basement
and generally turned off, the other in the cloud and always on.
Plus, I have come to the conclusion that C and C++ just suck for
networking apps. Probably a good idea to go Rust for the slave or host.
networking apps. Probably a good idea to go Rust for the server or host.
The wallet is event oriented, but only has a small number of concurrent
tasks. A host or slave is event oriented, but has a potentially very large
tasks. A host or server is event oriented, but has a potentially very large
number of concurrent tasks. Rust has no good gui system, there is no
wxWidgets framework for Rust. C++ has no good massive concurrency
system, there is no Tokio for C++.
Where do we put the gui for controlling the slave? In the master, of
Where do we put the gui for controlling the server? In the master, of
course.
Where do we put the networking stuff? in the server.
# the select problem
To despatch an `io` event, the standard is `select()`. Which standard sucks
@ -102,7 +104,7 @@ Linux people recommended a small number of threads, reflecting real hardware thr
I pray that that wxWidgets takes care of mapping windows asynchronous sockets to their near equivalent functionality on Linux.
But writing a server/host/slave for Linux is fundamentally different to
But writing a server/host/server for Linux is fundamentally different to
writing one for windows. Maybe we can isolate the differences by having
pure windows sockets, startup and shutdown code, pure Linux sockets,
startup and shutdown code, having the sockets code stuff data to and from

117
docs/names/true_names_and_TCP.md
View File

@ -1,117 +0,0 @@
---
lang: en
title: True Names and TCP
---
Vernor Vinge [made the point](http://www.amazon.com/True-Names-Opening-Cyberspace-Frontier/dp/0312862075) that true names are an instrument of
government oppression. If the government can associate
your true name with your actions, it can punish you for
those actions. If it can find the true names associated
with a transaction, it is a lot easier to tax that
transaction.
Recently there have been moves to make your cell phone
into a wallet. A big problem with this is that cell
phone cryptography is broken. Another problem is that
cell phones are not necessarily
associated with true names, and as soon as the government hears
that they might control money, it starts insisting that cell phones
*are* associated with true names. The phone companies dont like
this, for if money is transferred from true name to true name, rather
than cell phone to cell phone, it will make them a servant of the
banking cartel, and the bankers will suck up all the gravy, but once
people start stealing money through flaws in the encryption, they
will be depressingly grateful that the government can track account
holders down and punish them except, of course, the government
probably will not be much good at doing so.
TCP is all about creating connections.  It creates connections between network addresses, but network addresses correspond to
the way networks are organized, not the way people are organized,
so on top of networks we have domain names.
TCP therefore establishes a connection *to* a domain name rather
than a mere network address but there is no concept of the
connection coming *from* anywhere humanly meaningful.
Urns are “uniform resource names”, and uris are “uniform resource identifiers” and urls are “uniform resource locators”, and that is what the web is built out of. 
There are several big problems with urls:
1. They are uniform: Everyone is supposed to agree on one domain name for one entity, but of course they dont.  There is honest and reasonable disagreement as to which jim is the “real” jim, becaŭse in truth there is no one real jim, and there is fraŭd, as in lots of people pretending to be Paypal or the Bank of America, in order to steal your money.
2. They are resources: Each refers to only a single interaction,
but of course relationships are built out of many
interactions.  There is no concept of a connection continuing
throughout many pages, no concept of logon.  In building
urls on top of TCP, we lost the concept of a connection.  And
because urls are built out of TCP there is no concept of the
content depending on both ends of the connection that a
page at the Bank might be different for Bob than it is for
Carol that it does in reality depend on who is connected is
a kluge that breaks the architecture.
Because security (ssl, https) is constructed below the level of
a connection, because it lacks a concept of connection
extending beyond a single page or a single url, a multitude of
insecurities result. We want https and ssl to secure a
connection, but https and ssl do not know there are such
things as logons and connections.
That domain names and hence urls presuppose agreement, agreement
which can never exist, we get cybersquatting and phishing and
suchlike.
That connections and logons exist, but are not explicitly addressed
by the protocol leads to such attacks as cross site scripting and
session fixation.
A proposed fix for this problem is yurls, which apply Zookos
triangle to the web: One adds to the domain name a hash of a rule
for validating the public key, making it into Zookos globally unique
identifier.  The nickname (non unique global identifier) is the web
page title, and the petname (locally unique identifier) is the title
under which it appears in your bookmark list, or the link text under
which it appears in a web page.
This, however, breaks normal form.  The public key is an attribute of the domain, while the nickname and petnames are attributes of particular web pages a breach of normal form related to the loss of the concept of connection a breach of normal form reflecting the fact that that urls provide no concept of a logon, a connection, or a user.  
OK, so much for “uniform”.  Instead of uniform identifiers, we
should have zooko identifiers, and zooko identifiers organized in
normal form.  But what about “resource”, for “resource” also breaks
normal form.
Instead of “resources”, we should have “capabilities”.  A resource
corresponds to a special case of a capability, a resource is a
capability that that resembles a read only file handle. But what
exactly are “capabilities”?
People with different concepts about what is best for computer security tend to disagree passionately and at considerable length about what the word “capability” means, and will undoubtedly tell me I am a complete moron for using it in the manner that I intend to use it, but barging ahead anyway:
A “capability” is an object that represents one end of a
communication channel, or information that enables an entity to
obtain such a channel, or the user interface representation of such a
channel, or such a potential channel. The channel enables the
possessor of the capability to do stuff to something, or get
something.  Capabilities are usually obtained by being passed along
the communication channel. Capabilities are usually obtained from
capabilities, or inherited by a running instance of a program when
the program is created, or read from storage after originally being
obtained by means of another capability.
This definition leaves out the issue of security to provide security, capabilities need to be unforgeable or difficult to guess.  Capabilities are usually defined with the security characteristics central to them, but I am defining capabilities so that what is central is connections and managing lots of potential connection.  Sometimes security and limiting access is a very important part of management, and sometimes it is not.
A file handle could be an example of a capability it is a
communication channel between a process and the file
management system.  Suppose we are focussing on security and
access management to files: A file handle could be used to control
and manage permissions if a program that has the privilege to
access certain files could pass an unforgeable file handle to one of
those files to a program that lacks such access, and this is the only
way the less privileged program could get at those files.
Often the server wants to make sure that the client at one end of a
connection is the user it thinks it is, which fits exactly into the usual
definitions of capabilities.  But more often, the server does not care
who the client is, but the client wants to make sure that the server
at the other end of the connection is the server he thinks it is,
which, since it is the client that initiates the connection, does not fit
well into many existing definitions of security by capabilities.

2
docs/parsers.md
View File

@ -74,7 +74,7 @@ polish order, thus implicitly executing a stack of run time typed operands,
which eventually get compiled and eventually executed as just-in-time typed
or statically typed operands and operators.
For [identity](identity.html), we need Cryptographic Resource Identifiers,
For [identity](names/identity.html), we need Cryptographic Resource Identifiers,
which cannot conform the “Universal” Resource Identifier syntax and semantics.
Lexers are not powerful enough, and the fact that they are still used