Hi all,

I have a question about the nodeID assignment in P2PSIP. As it is said that " In order to prevent so-called Sybil or join-leave attacks, the attacker SHOULD NOT be able to easily register a unlimited number of IDs of his choice in the P2SIP overlay. The P2PSIP system SHOULD be able to control ID assignment. " in "draft-matuszewski-p2psip-security requirements-03.txt", how to determine the node's real identification in nodeID assignment? By its IP addr? By the username used on it? Or by its MAC addr?

The IP addr may change, the username who uses the node may change, and so on. I mean that the attacker may change his usernames or his node IP addresses to register new nodeIDs, or perhaps he can control many nodes to register many new nodeIDs, although our P2PSIP system can control ID assignment indeed.

Best Regards,
J.Chen

2008/7/30 songhaibin 64081 <[EMAIL PROTECTED]>:
> Hi Jing,
>
>> I have three questions about the new security requirements draft (-03):
>> (1) The threats and security requirements on DHT network or overlay are
>> discussed, but what about the threats and security requirements on SIP?
>> Especially that what are the threats on decentralized SIP?
>
> Good question. I have discussed this question with Dan before, but we are so
> busy. You will see the text about it in the next revision.
>
>> (2) Why the layers in "Figure 2 P2PSIP architecture" are different from
>> the architecture layers in RELOAD? The KBR Layer isn't included in the
>> layers of RELOAD, and this layer is not defined in
>> draft-ietf-p2psip-concepts-02.
>
> I think the WG has not achieved a consensus on the P2P layers yet. Bruce
> didn't mention that issue in his presentation. But I think the architecture
> is similar to Reload. We will surely make the architecture consistent with
> the WG's consensus.
>
> From many papers, you will find KBR layer is often used. Anyway, we will keep
> it consistent with the WG's consensus item.
>
>> (3) As I know, PKI-based certificate is not flexible enough nor bandwidth
>> efficient because of the size of keys and certificates used. Why we don't
>> consider to use Identity-based security framework?
>
> I think Identity-based security framework may be easy to use in the self
> organized network. But the purpose of this draft mainly is not to provide the
> concrete solutions. It just tells you what the security issues are in the
> overlay, and you should consider them when you establish a p2p overlay.
>
> Best Regards!
> -Song Haibin

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
