On Oct 15, 2009, at 8:34 PM, 孙崇伟 wrote:
> hi Cullen and everyone else
> I reviewed the security part in the draft and have some questions.
> 1. In the last paragraph of 1.3,
> “In order to form a TLS connection to any node in the overlay, a new
> node needs to know the shared overlay key….”
> Does that mean when a node joins the overlay network, the key
> management entity should send the shared key to it? Is the procedure
> mandatory?
I tried to update the text in the draft so this is not so confusing.
There are basically two major deployment models. In one model, you
use certificates signed by the Certificate server that you get during
enrollment and don't use a shared secret. In the other model, you use
a shared secret that everyone finds out through some out-of-band
method, and you use self-signed certificates. The second model is not
as secure, but it would meet the needs of many small ad-hoc formed
overlays.
> 2. The third paragraph in 12.3
> “Each certificate enables an entity to act in two sorts of roles:
> As a user, storing data at specific Resource-IDs…
> As an overlay peer with the peer ID(s)…”
> So, can I understand this as: the first role is authorizing a
> user to store data, and the second role is helping other peers to
> authenticate the certificate owner itself?
Yes on the first role. On the second role, I think of it more as
authorizing the node to insert itself into the DHT routing fabric at a
particular location and to route the messages that end up going
through that portion of the overlay.
> thank you!
> Sun Chongwei
> Mobile Life and New Media Lab
> Beijing University of Posts and Telecommunications
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
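To make the two certificate roles in the second answer concrete, and to show how the two credential modes from the first answer (enrollment-signed versus shared-secret with self-signed certificates) change the admission check, here is an added Python sketch. It is not code from the draft, from the reply above, or from any RELOAD implementation. The hash function, the 16-byte ID length, the rule that a self-signed certificate's Node-ID equals the hash of its public key, and the sample key bytes are assumptions made for illustration only.

```python
"""Simplified model of the two roles a RELOAD certificate grants and of the
two credential modes (enrollment-server-signed vs. self-signed).

Added illustration only: not code from the draft or any RELOAD implementation.
Assumptions: IDs are 16-byte truncated SHA-1 digests, and a self-signed
certificate must carry exactly the Node-ID derived from its own public key.
Proof of the out-of-band shared secret in self-signed mode is assumed to be
checked by the TLS handshake and is not modelled here.
"""
import hashlib
from dataclasses import dataclass
from typing import List

ID_LEN = 16  # assumption: overlay configured for 128-bit Node-/Resource-IDs


def overlay_hash(data: bytes) -> bytes:
    """Assumed overlay hash: SHA-1 truncated to the configured ID length."""
    return hashlib.sha1(data).digest()[:ID_LEN]


def resource_id_for_user(username: str) -> bytes:
    """Resource-ID a user may store under: hash of the certified user name."""
    return overlay_hash(username.encode("utf-8"))


def self_signed_node_id(public_key_der: bytes) -> bytes:
    """Node-ID a self-signed certificate must carry: hash of its public key."""
    return overlay_hash(public_key_der)


@dataclass
class OverlayCert:
    """The parts of a certificate that matter for the two roles."""
    usernames: List[str]
    node_ids: List[bytes]
    public_key_der: bytes
    signed_by_enrollment_server: bool  # False means self-signed


def user_may_store(cert: OverlayCert, resource_id: bytes) -> bool:
    """Role 1: store data only at Resource-IDs derived from a certified user name."""
    return any(resource_id_for_user(u) == resource_id for u in cert.usernames)


def peer_may_act_as(cert: OverlayCert, node_id: bytes) -> bool:
    """Role 2: sit in the routing fabric only at a Node-ID the certificate binds."""
    return node_id in cert.node_ids


def cert_acceptable(cert: OverlayCert, overlay_uses_enrollment_server: bool) -> bool:
    """Admission check for the two deployment models."""
    if overlay_uses_enrollment_server:
        # Model 1: only certificates issued by the enrollment server are trusted.
        return cert.signed_by_enrollment_server
    # Model 2: self-signed certificate whose Node-ID is bound to its own key,
    # so a node cannot pick an arbitrary position in the DHT.
    return (not cert.signed_by_enrollment_server
            and cert.node_ids == [self_signed_node_id(cert.public_key_der)])


def authorize_store(cert: OverlayCert, overlay_uses_enrollment_server: bool,
                    source_node_id: bytes, resource_id: bytes) -> List[str]:
    """Return the reasons a Store from source_node_id at resource_id is refused.

    An empty list means the request passes both role checks and the
    credential-mode check.
    """
    problems = []
    if not cert_acceptable(cert, overlay_uses_enrollment_server):
        problems.append("certificate not acceptable for this overlay's credential mode")
    if not peer_may_act_as(cert, source_node_id):
        problems.append("source Node-ID not bound by certificate")
    if not user_may_store(cert, resource_id):
        problems.append("Resource-ID not derived from a certified user name")
    return problems


if __name__ == "__main__":
    # Constructed sample: a self-signed certificate in a shared-secret overlay.
    pub = b"constructed-alice-public-key"
    alice = OverlayCert(["alice"], [self_signed_node_id(pub)], pub, False)
    print(authorize_store(alice, False, self_signed_node_id(pub),
                          resource_id_for_user("alice")))
    print(authorize_store(alice, False, self_signed_node_id(pub),
                          resource_id_for_user("bob")))
```

The two failure branches are the ones the reply describes: a node whose certificate does not bind the Node-ID it claims is refused a place in the routing fabric, and a user may only write at Resource-IDs derived from a name the certificate vouches for.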