2013/11/16 rysiek <rysiek@hackerspace.pl>
So I guess this is my question: does RetroShare's protocol seem solid and
sensible? Should we invest time and effort into it?

It's basic concepts are pretty well considered. It's quite like Tor only the first nodes are "trusted nodes" and not just any random one. That said I think the whole RetroShare thingy is shot to hell regarding traffic analysis. That's hard for everyone except the Top Secret level people.

Far as I know there's no deep-communication tactics except store-and-forward for forums. That's some weakness if you ask me. Finding a file based on a hash requires broadcasting the request for the hash, which will likely flood through (part of) the network. Tracing back a flood is pretty easy with a few nodes.

Invest in it? Not a bad thing to invest in. But it's not that special on the crypto/security level AFAIK. I think the whole P2P thing is a bigger deal than the crypto part of it.