> I don't in principle have a problem with a separate non-normative
> document containing security analysis of P2PSIP systems.
>
> However, I believe all of the security features need to be part of the
> core protocol and the core document, which is why we built them
> into RELOAD.

With regard to security, IMHO, the most difficult part is how the system deals with malicious behavior. Some papers show that if a large number of peers are malicious, it is impossible for the system to be a safe one. But does that mean malicious behavior need not be taken into account while designing the core protocol? I don't think so. The draft named "P2PSIP Security Analysis and Evaluation" (http://tools.ietf.org/wg/p2psip/draft-song-p2psip-security-eval-00.txt) tries to analyze the security threats from the service perspective and takes the autonomy of the peer into account.

On the other hand, a P2PSIP system MUST NOT be exploited to launch DDoS attacks. One simple attack is: a malicious peer puts a hot resource whose location points to a victim, and then the victim will receive too many queries or service requests. IMHO, the P2PSIP protocol should consider this case. So P2P security should have a basic assumption first, and then we could develop mechanisms based on that assumption.
