Re: [P2PSIP] 回复:Re: 回复: P2PSIP and Security [Was P2PSIP Digest, Vol 19]

[Eric Rescorla <ekr at networkresonance.com>]

At Thu, 03 Jul 2008 11:10:37 +0800,
jiangxingfeng 36340 wrote:
> 
> > At Wed, 02 Jul 2008 09:48:27 +0800,
> > jiangxingfeng 36340 wrote:
> > > 
> > > Hi,all:
> > > 
> > > The authors of RELOAD-4 have done a great work to address security
> > > issues in P2P system. But I don't think it addresses all security
> > > issues. Especially the malicious behaviors of authenticated peer are
> > > not well dealt with, for example, misroute the packet, discard the
> > > packet silently,etc.
> > 
> > Well, we certainly never claimed to address all security issues,
> > so I'm not going to disagree with that. 
> > 
> > That said, I don't really expect a basic p2p protocol to do much
> > to address this sort of low-grade packet mismanagement attack. 
> 
> I don't think it is a low-grade issue because its negative impact on the routing. 

There are a large number of ways to damage routing. It's not clear
to me that these are especially bad, and, as I said earlier,
the defensive techniques depend primarily on the DHT.


> > As far as I know, the only techniques for dealing with misbehavior of
> > on-path (from the perspective of the DHT) attack are fairly 
> > inefficient.In any case, I would expect them to be DHT-dependent 
> > and therefore
> > isolated to the topology plugin (e.g., Maelstrom).
> > Is there some specific technical feature you believe should be in
> > RELOAD?
> 
> Although topology plugin can isolate specific mechanisms from the
> base protocol, the evovling security or other mechanisms have
> requirements for the protocol messages which should help the
> realization of the mechaisms. So that means at least RELOAD should
> support adding new messages or extending existing messages to
> achieve that.

RELOAD supports both of these already.

-Ekr
_______________________________________________
P2PSIP mailing list
P2PSIP at ietf.org
https://www.ietf.org/mailman/listinfo/p2psip