public inbox for nncp-devel@lists.stargrave.org
From: John Goerzen <jgoerzen@complete•org>
To: Sergey Matveev <stargrave@stargrave•org>
Cc: nncp-devel@lists.cypherpunks.ru
Subject: Re: Assorted NNCP questions
Date: Sun, 27 Dec 2020 22:34:15 -0600
Message-ID: <8735zqpn08.fsf@complete.org>
In-Reply-To: <X+hZr0GdT8OMlAqB@stargrave.org>
On Sun, Dec 27 2020, Sergey Matveev wrote:
> Greetings!
Hello again, and thank you for this very informative reply! A few
remarks within..
> onlinedeadline option must be "in sync" on both nodes, because there is
> no agreement made on it inside the online protocol itself. But anyway
> currently I do not understand why it is not working properly for you. I
> remember that there were problems some time ago, but I thought they were
> fixed. My "upstream" node (my gateway and mail server) has only
> onlinedeadline option for my "laptop":
Ahhhh.. I hadn't realized that it had to be in sync on both ends.
When I corrected that, it began behaving as expected. That does
have some logic to it; presumably whatever side has the smallest
value becomes the operative one for the connection? This may be a
useful thing to document wherever those settings are referenced.
> # zstd -d < /var/spool/nncp/log.2.zst | grep call-finish
Is there something built into NNCP that does this log rotation and
compression, by the way?
> Technically it is rather simple to add ability to encrypt packet to
> multiple recipients at once. Just encrypt the same single symmetric key
> to each node with ephemeral DH keys. It will add just a few dozens of
> bytes per each additional node. So we can add everyone in the -via path
> as an additional recipient to the packet and transitional packets inside
> it, without any considerable CPU/disk space overhead -- and everyone in
> the -via path (and target's node) should be able to process the packet.
This (and your other ideas mentioned) is interesting. I am
contemplating a scenario in which I have two backup drives, which
are rotated in.
I would have a backup source machine A, a relay machine B, and
then targets C and D (corresponding to the different drives). C
and D would be on an airgapped machine, and only one would be
online at a time.
I have been contemplating gpg-encrypting my backup data at A to a
key that is known by C and D but not B, then sending it via
nncp-exec to B. The command on B receives the data, and generates
two outgoing nncp-execs with a copy of it: one to C and one to D.
This way, whenever a drive is swapped, it will get the most recent
data.
This would work perfectly. It would be interesting to specify
multiple destinations and have NNCP figure out what the most
efficient place to do this splitting out is. However, my own
solution here ought to be pretty workable, and this is really a
niche case that may not really merit code in NNCP itself.
What I would not want is to weaken the existing NNCP protections
around "via"; for instance, B should never be able to see the
unencrypted data in this setup.
Thanks again!
- John
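
The multi-recipient idea quoted in this message (one symmetric content key, wrapped separately to each node with an ephemeral DH key) can be sketched as follows; this is an added example, not code from NNCP or from either correspondent, and it does not reproduce NNCP's packet format. It covers only the key wrapping (encrypting the payload under `cek` is omitted) and shows that a relay such as B, which is not a recipient, cannot unwrap the key. Assumptions: the names `kek`, `Wrap` and `Unwrap` are hypothetical, and AES-256-GCM and SHA-256 from the Go standard library stand in for whatever primitives a real implementation would choose.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kek derives a one-time AES-256-GCM key from X25519(priv, peer) and both public keys
// (SHA-256 as stand-in KDF). Each key seals once, so callers use an all-zero nonce.
func kek(priv *ecdh.PrivateKey, peer, eph, rcpt *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(append(append(shared, eph.Bytes()...), rcpt.Bytes()...))
	block, _ := aes.NewCipher(sum[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// Wrap encrypts the shared content key cek to one recipient under a fresh ephemeral key.
func Wrap(cek []byte, rcpt *ecdh.PublicKey) (*ecdh.PublicKey, []byte, error) {
	e, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	k, err := kek(e, rcpt, e.PublicKey(), rcpt)
	if err != nil {
		return nil, nil, err
	}
	return e.PublicKey(), k.Seal(nil, make([]byte, 12), cek, nil), nil
}

// Unwrap recovers cek; for a node the stanza was not made for, the GCM tag check fails.
func Unwrap(priv *ecdh.PrivateKey, eph *ecdh.PublicKey, wrapped []byte) ([]byte, error) {
	k, err := kek(priv, eph, eph, priv.PublicKey())
	if err != nil {
		return nil, err
	}
	return k.Open(nil, make([]byte, 12), wrapped, nil)
}

func main() {
	c, _ := ecdh.X25519().GenerateKey(rand.Reader)
	_, w, err := Wrap(make([]byte, 32), c.PublicKey())
	fmt.Println(32+len(w), "bytes added per recipient; err:", err)
}
```

In this sketch each additional recipient costs 80 bytes: a 32-byte ephemeral public key plus the 32-byte content key with its 16-byte GCM tag.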