> At Thu, 03 Jul 2008 11:10:37 +0800,
> jiangxingfeng 36340 wrote:
> > 
> > > At Wed, 02 Jul 2008 09:48:27 +0800,
> > > jiangxingfeng 36340 wrote:
> > > > 
> > > > Hi, all:
> > > > 
> > > > The authors of RELOAD-4 have done great work to address security
> > > > issues in P2P systems. But I don't think it addresses all security
> > > > issues. Especially the malicious behaviors of authenticated peers are
> > > > not well dealt with, for example, misrouting the packet, discarding the
> > > > packet silently, etc.
> > > 
> > > Well, we certainly never claimed to address all security issues,
> > > so I'm not going to disagree with that. 
> > > 
> > > That said, I don't really expect a basic p2p protocol to do much
> > > to address this sort of low-grade packet mismanagement attack. 
> > 
> > I don't think it is a low-grade issue because of its negative
> > impact on the routing.
> 
> There are a large number of ways to damage routing. It's not clear
> to me that these are especially bad, and, as I said earlier,
> the defensive techniques depend primarily on the DHT.
> 
 
Because the P2P overlay is a self-organizing system, there are good
or bad intermediate peers between the source peer and the destination
peer. These intermediate peers may discard messages, misroute messages,
do replay attacks, etc. Or some peers can put a victim's contact
information under a popular resource to cause DoS attacks,
or manufacture a chosen-ID attack, and so on. I do think some of these
attacks are very bad for the p2p overlay. I do believe the 'basic' protocol
should provide the 'basic' defense for some general attacks, but not for all
important attacks.


> > > As far as I know, the only techniques for dealing with misbehavior of
> > > on-path (from the perspective of the DHT) attack are fairly
> > > inefficient. In any case, I would expect them to be DHT-dependent
> > > and therefore
> > > isolated to the topology plugin (e.g., Maelstrom).
> > > Is there some specific technical feature you believe should be in
> > > RELOAD?
> > 
> > Although the topology plugin can isolate specific mechanisms from the
> > base protocol, the evolving security or other mechanisms have
> > requirements for the protocol messages which should help the
> > realization of the mechanisms. So that means at least RELOAD should
> > support adding new messages or extending existing messages to
> > achieve that.
> 
> RELOAD supports both of these already.

I don't like the idea of isolating many issues to specific P2P algorithms,
unless these security issues are caused by the P2P algorithms.

BR
Song Haibin


> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
> 