On Mar 4, 2008, at 11:23 AM, jiangxingfeng 36340 wrote:
>
>> At Mon, 03 Mar 2008 16:59:05 -0500,
>> jiangxingfeng 36340 wrote:
>>>
>>>> I don't in principle have a problem with a separate non-normative
>>>> document containing security analysis of P2PSIP systems.
>>>>
>>>> However, I believe all of the security features need to be part of the
>>>> core protocol and the core document, which is why we built them
>>>> into RELOAD.
>>>>
>>>
>>>
>>> With regard to security, IMHO, the most difficult part is how the
>>> system deals with the malicious behavior. Although some papers show
>>> that if a large amount of peers are malicious, the system is
>>> impossible to be a safe one. But does it mean the malicious behavior
>>> need not be taken into account while designing the core protocol? I
>>> don't think so.
>>

I think right now reload does a pretty good job of addressing malicious behavior through cryptography. One separable aspect of security that can be improved in reload-03 is specification of using alternate paths to avoid compromised (but authorized) peers. That should be made part of the DHT specification. There's the usual complexity tradeoff here, but I'm thinking that alternate paths are going to have to be added (probably as a SHOULD or RECOMMENDED) to allow the DHT protocol to function as the number of malicious peers grows.

Bruce
