At Thu, 02 Jul 2009 17:23:45 +0800,
Song Haibin wrote:
> >> >> Req. 12: It SHOULD be possible to limit the impact of badly
> >> >> behaving P2PSIP nodes on the overall system security. There SHOULD
> >> >> be an option to identify malfunctioning or badly behaving nodes,
> >> >> and exclude or reject them from the P2PSIP system.
> >> >
> >> >Hmm... It seems to me that this is already possible at least in some
> >> >sense: you use short-lived certificates and then refuse to reissue
> >> >their certificates. Did you have something else in mind? CRLs?
> >> >
> >> I'm not sure about the solution here. I think it may be hard to
> >> determine the TTL for such kind of short-lived certificates. Misbehaving
> >> nodes still function in the overlay until its certificate expires. Too
> >> short TTL may overload the CA anyway. I don't know how CRLs work in
> >> the overlay, in a p2p fashion or in a c/s fashion.
> >
> >Me neither. And since overlays are resistant to a certain
> >amount of misbehavior, I don't know if we need to solve this right now.
> >
>
> I prefer to mention the consideration to this problem in the security
> considerations of the base draft.

I don't have a problem with mentioning this issue.

-Ekr
