LjL

Other DHT-based systems I've seen use this kind of node caching and don't seem to be largely vulnerable to attacks, considering that you're going to store hundreds of independent nodes...

Would such an attack still be feasible if, in addition to caching previous nodes as I'm suggesting, you _also_ kept trying to connect to hardcoded ones just as we are...

@SkyzohKey Surely that's even more centralized, fetching from one fixed place. That place goes down or stops being kept up to date, you stop being able to bootstrap. Doesn't sound...

@GrayHatter why can't you only trust specific certificates? Just because web browsers have a comprehensive list of certificate authorities doesn't have to mean Tox has to use the same list,...

> Right, but a huge part of tox is to be trustless (just ask @JFreegman ). I'm fine with trust, but I'm not fine with trusting every TLA. So if...

You seem to be fine with a few things that the Tox project at least originally was not. Personally I hope it stays the original way. Anyway http://perspectives-project.org/ offers a...

I'm using distributed trust when I use toxcore, because even though I haven't read every line of code in the client I use, it is possible for everyone to scrutinize...

Keep in mind that working around firewalls this way may result in sysadmins banning Tox from their networks completely. When sysadmins limit ports, they generally mean it.

"Able to"? It's not like Tox is a stealthy app that hides itself... and the _normal_ protocols that run on those ports can be distinguished from Tox.

@fcore117 It's an endeavour I could get behind, just keep in mind that it's _very difficult_ to make traffic from something like Tox completely opaque and indistinguishable from other types...