I2P Address: [http://git.idk.i2p]

Commit ace18e4e authored by str4d

Hide DREAD ratings until we know how we want to use them

parent 632d254e
......@@ -157,6 +157,8 @@ The
to review.
{%- endtrans %}</p>
{# Hide DREAD ratings until we know how we want to use them
<p>{% trans DREAD='https://blogs.msdn.com/b/david_leblanc/archive/2007/08/13/dreadful.aspx' -%}
Attacks are judged using the <a href="{{ DREAD }}">modified <strong>DREAD</strong> model</a>:
{%- endtrans %}</p>
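Review bot: The `{#` opened on the "Hide DREAD ratings until we know how we want to use them" line is only closed by a bare `#}` roughly twenty lines further down, and Jinja comments do not nest, so the first `#}` that appears anywhere in between ends the block early. Please confirm the hidden region contains no inline `{# ... #}` of its own; otherwise the tail of the DREAD explanation would be rendered again, starting mid-paragraph.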
......@@ -175,6 +177,8 @@ and priority scores are calculated using the equations outlined
<a href="{{ DREAD }}">here</a>.
{%- endtrans %}</p>
#}
<h3 id="index">{% trans %}Index of Attacks{% endtrans %}</h3>
<ul>
<li><a href="#bruteforce">{% trans %}Brute force attacks{% endtrans %}</a></li>
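Review bot: The `#}` added after the "priority scores are calculated" paragraph puts several `{% trans %}` blocks inside a template comment, so besides disappearing from the page their strings will probably drop out of the message catalog the next time translations are extracted. If the ratings are expected to come back, it is worth confirming that behaviour, and a conditional block such as `{% if false %}` ... `{% endif %}` in place of the comment would keep the existing translations alive in the meantime.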
......@@ -199,7 +203,7 @@ and priority scores are calculated using the equations outlined
<h3 id="bruteforce">{% trans %}Brute force attacks{% endtrans %}</h3>
{{ DREAD_score(2, 1, 1, 1, 3) }}
{# DREAD_score(2, 1, 1, 1, 3) #}
<p>{% trans -%}
A brute force attack can be mounted by a global passive or active adversary,
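Review bot: Hand-editing each call site, starting with `DREAD_score(2, 1, 1, 1, 3)` under the brute force heading, means the same one-line swap is repeated at every attack heading in the rest of the patch and has to be undone the same way. Having the `DREAD_score` helper emit nothing, or gating its output on a single template variable, would hide the ratings with one edit and leave the `{{ DREAD_score(...) }}` calls untouched for when the scoring question is settled.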
......@@ -243,7 +247,7 @@ are discussed on the
<h3 id="timing">{% trans %}Timing attacks{% endtrans %}</h3>
{{ DREAD_score(2, 2, 2, 3, 2) }}
{# DREAD_score(2, 2, 2, 3, 2) #}
<p>{% trans -%}
I2P's messages are unidirectional and do not necessarily imply that a reply
......@@ -280,7 +284,7 @@ References: <a href="{{ pdf }}">Low-Resource Routing Attacks Against Anonymous S
<h3 id="intersection">{% trans %}Intersection attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 2, 3, 3) }}
{# DREAD_score(3, 2, 2, 3, 3) #}
<p>{% trans -%}
Intersection attacks against low latency systems are extremely powerful -
......@@ -365,7 +369,7 @@ There are a whole slew of denial of service attacks available against I2P,
each with different costs and consequences:
{%- endtrans %}</p>
{{ DREAD_score(1, 1, 2, 1, 3) }}
{# DREAD_score(1, 1, 2, 1, 3) #}
<p>{% trans -%}
<b>Greedy user attack:</b> This is simply
people trying to consume significantly more resources than they are
......@@ -389,7 +393,7 @@ Maintain a strong community with blogs, forums, IRC, and other means of communic
</ul>
<div style="clear:both"></div>
{{ DREAD_score(2, 1, 1, 2, 3) }}
{# DREAD_score(2, 1, 1, 2, 3) #}
<p>{% trans peerselection=site_url('docs/how/peer-selection') -%}
<b>Starvation attack:</b> A hostile user may attempt to harm the network by
creating a significant number of peers in the network who are not identified as
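Review bot: The `<div style="clear:both"></div>` directly above the commented-out `DREAD_score(2, 1, 1, 2, 3)` is still emitted. If that div exists only to clear the rating box of the preceding entry, it is now an empty spacer before each denial-of-service paragraph (the same pattern recurs in the flooding, CPU load and floodfill hunks) and could be hidden together with the score.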
......@@ -409,7 +413,7 @@ significant efforts required in this area.
{%- endtrans %}</p>
<div style="clear:both"></div>
{{ DREAD_score(1, 2, 2, 2, 3) }}
{# DREAD_score(1, 2, 2, 2, 3) #}
<p>{% trans todo=site_url('get-involved/todo') -%}
<b>Flooding attack:</b> A hostile user may attempt to flood the network,
a peer, a destination, or a tunnel. Network and peer flooding is possible,
......@@ -428,7 +432,7 @@ operation</a> is implemented).
{%- endtrans %}</p>
<div style="clear:both"></div>
{{ DREAD_score(1, 1, 1, 1, 1) }}
{# DREAD_score(1, 1, 1, 1, 1) #}
<p>{% trans -%}
<b>CPU load attack:</b> There are currently some methods for people to
remotely request that a peer perform some cryptographically expensive
......@@ -441,7 +445,7 @@ bugs in the implementation.
{%- endtrans %}</p>
<div style="clear:both"></div>
{{ DREAD_score(2, 2, 3, 2, 3) }}
{# DREAD_score(2, 2, 3, 2, 3) #}
<p id="ffdos">{% trans peerselection=site_url('docs/how/peer-selection'),
netdb=site_url('docs/how/network-database') -%}
<b>Floodfill DOS attack:</b> A hostile user may attempt to harm the network by
......@@ -459,7 +463,7 @@ For more information see the
<h3 id="tagging">{% trans %}Tagging attacks{% endtrans %}</h3>
{{ DREAD_score(1, 3, 1, 1, 1) }}
{# DREAD_score(1, 3, 1, 1, 1) #}
<p>{% trans todo=site_url('get-involved/todo') -%}
Tagging attacks - modifying a message so that it can later be identified
......@@ -477,7 +481,7 @@ as the links are encrypted and messages signed.
<h3 id="partitioning">{% trans %}Partitioning attacks{% endtrans %}</h3>
{{ DREAD_score(3, 1, 1, 1, 2) }}
{# DREAD_score(3, 1, 1, 1, 2) #}
<p>{% trans -%}
Partitioning attacks - finding ways to segregate (technically or analytically)
......@@ -517,7 +521,7 @@ Also discussed on the <a href="{{ netdb }}#threat">network database page</a> (bo
<h3 id="predecessor">{% trans %}Predecessor attacks{% endtrans %}</h3>
{{ DREAD_score(1, 1, 1, 1, 3) }}
{# DREAD_score(1, 1, 1, 1, 3) #}
<p>{% trans -%}
The predecessor attack is passively gathering statistics in an attempt to see
......@@ -562,7 +566,7 @@ which is an update to the 2004 predecessor attack paper
<h3 id="harvesting">{% trans %}Harvesting attacks{% endtrans %}</h3>
{{ DREAD_score(1, 1, 2, 2, 3) }}
{# DREAD_score(1, 1, 2, 2, 3) #}
<p>{% trans -%}
"Harvesting" means compiling a list of users running I2P.
......@@ -609,7 +613,7 @@ enact other restricted route methods.
<h3 id="traffic">{% trans %}Identification Through Traffic Analysis{% endtrans %}</h3>
{{ DREAD_score(1, 1, 2, 3, 3) }}
{# DREAD_score(1, 1, 2, 3, 3) #}
<p>{% trans transport=site_url('docs/transport') -%}
By inspecting the traffic into and out of a router, a malicious ISP
......@@ -669,7 +673,7 @@ Reference: <a href="{{ pdf }}">Breaking and Improving Protocol Obfuscation</a>
<h3 id="sybil">{% trans %}Sybil attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 1, 3, 3) }}
{# DREAD_score(3, 2, 1, 3, 3) #}
<p>{% trans -%}
Sybil describes a category of attacks where the adversary creates arbitrarily
......@@ -718,7 +722,7 @@ for more Sybil discussion.
<h3 id="buddy">{% trans %}Buddy Exhaustion attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 2, 1, 3) }}
{# DREAD_score(3, 2, 2, 1, 3) #}
<p>{% trans pdf='http://www.eecs.berkeley.edu/~pmittal/publications/nisan-torsk-ccs10.pdf' -%}
(Reference: <a href="{{ pdf }}">In Search of an Anonymouns and Secure Lookup</a> Section 5.2)
......@@ -743,7 +747,7 @@ Further research and defenses may be necessary.
<h3 id="crypto">{% trans %}Cryptographic attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 1, 3, 1) }}
{# DREAD_score(3, 2, 1, 3, 1) #}
<p>{% trans cryptography=site_url('docs/how/cryptography') -%}
We use strong cryptography with long keys, and
......@@ -785,7 +789,7 @@ end to end messages include simple random padding.
<h3 id="floodfill">{% trans %}Floodfill Anonymity attacks{% endtrans %}</h3>
{{ DREAD_score(3, 2, 1, 2, 2) }}
{# DREAD_score(3, 2, 1, 2, 2) #}
<p>{% trans netdb=site_url('docs/how/network-database') -%}
In addition to the floodfill DOS attacks described
......@@ -815,7 +819,7 @@ Several scenarios are discussed on the
<h3 id="central">{% trans %}Central Resource Attacks{% endtrans %}</h3>
{{ DREAD_score(1, 1, 1, 3, 3) }}
{# DREAD_score(1, 1, 1, 3, 3) #}
<p>{% trans -%}
There are a few centralized or limited resources (some inside I2P, some not)
......@@ -870,7 +874,7 @@ and would shrink the network (in the short-to-medium term), just as the loss of
<h3 id="dev">{% trans %}Development attacks{% endtrans %}</h3>
{{ DREAD_score(2, 1, 1, 3, 1) }}
{# DREAD_score(2, 1, 1, 3, 1) #}
<p>{% trans -%}
These attacks aren't directly on the network, but instead go after its development team
......@@ -911,7 +915,7 @@ should any defense be necessary.
<h3 id="impl">{% trans %}Implementation attacks (bugs){% endtrans %}</h3>
{{ DREAD_score(2, 2, 1, 3, 1) }}
{# DREAD_score(2, 2, 1, 3, 1) #}
<p>{% trans -%}
Try as we might, most nontrivial applications include errors in the design or
......