-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15/07/13 01:49, Mitar wrote: >> BTW, how do you propose to make Sybil nodes "impossible"? > > I don't. I am just making an argument, that maybe there is some way > we (or I) don't yet know which would allow us to don't have to > trust other nodes with anything else that they forward the packet. > And if they don't, we can maybe detect that and remove them from > the routing path. So at the end maybe it is not even important if > Sybil nodes are possible or impossible. You just care if they > forward the packet. If they do, this is it. If they don't (from > whatever reason, being malicious or just malperforming), you route > along that, no? But to be able to route around, you have to be able > to have multiple paths.
Hi Mitar, If there's no protection against Sybil attacks then in general it's impossible to route around faulty nodes or links. The problem is that in order to detect faults, we have to associate some kind of reliability measurement with some kind of node or link identifier (for example, "x percent of packets sent via link y were delivered"). If there's no Sybil protection then whenever we detect a node or link as being faulty, the adversary can simply create a new identifier for that node or link. The adversary can create imaginary networks of arbitrary size and structure, composed entirely of Sybil identities, to absorb our measurement resources. It's like playing whack-a-mole with an infinite number of moles. ;-) If we consider the most limited form of Sybil protection, where we know that our immediate neighbours in the network aren't Sybils (for example, maybe they're people we know in real life) but we don't know anything about the rest of the network, then we can do a very limited form of fault detection: we can measure the reliability of each neighbour, without speculating about what the network beyond that neighbour looks like, and route around unreliable neighbours. But that's not as easy as it sounds: if the adversary can distinguish between different types of packet then she can treat them differently. For example, if the network uses separate measurement packets and data packets, the adversary can deliver measurement packets but drop data packets. If the packets carry source or destination addresses, the adversary can drop packets with certain sources or destinations while keeping her overall reliability high. The adversary may be able to manipulate the reliability measurements without dropping packets, for example by spoofing addresses or forging measurement packets. This problem is known as Byzantine robust routing. It was first framed by Radia Perlman in 1988, and so far nobody's come up with a solution that doesn't require some kind of limit on the creation of identities. Many have tried and failed. I was one of them. :-) I don't know enough about CJDNS to know whether it's solved this problem, but I'll be pleasantly surprised if it has. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJR5AyxAAoJEBEET9GfxSfM2OwIALyIROECcLGCiJlyM8DX6IKQ aQdC4JFfcgsh1poTq1MaHjF1nCUA14OBF73bpxp0iRw8b0fcJ4AwqAlzdDbxL1k0 cfxdaytN6dZPSgQng6jot4o4GzCYdVNdWcAxsycNgohjX0MDa64pe6gJmYmZlmBw S24FB8ismcMl3Ohyu1mg339NsBzo6is3zKa9/TVp5l5iB/FVFM8yjTewkAgdBFVD BlOLwEr5h+gHUqTpmmswXbJIcqT9/xe14NogKOgUDUUfpZMe7g0ZWeF7z65FJwLn C2kVc/HxB85TTmwaGoV/Os79lQALLVNmdafgqHhcRRNTTCRUKcqlgDsZt6/SsEE= =ud7U -----END PGP SIGNATURE----- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
