Dear Xiaofeng Qiu,
Indeed, if protection against eavesdropping from inside the overlay is
not an issue, encryption by means of public/private key pairs is
unnecessary. However, eavesdropping is only one of the numerous threats
a peer-to-peer overlay may face. Overlay routing attacks and attacks on
the structure of the overlay depend on the exploitation of knowledge
regarding the logical topology. This knowledge is easily gained via the
unprotected messages exchanged in P2PSIP. The interesting part is that
in p2p networks, many challenging threats originate from peers that are
already members of the overlay. Of course, the security levels P2PSIP
should provide is up to the WG. Our motivation stems from the fact that
P2PSIP may be used in communication scenarios with strict security
constraints (for example communication between authorities).
What is your opinion about the refreshment of the peers' certificates?
Konstantinos Birkos
University of Patras
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
