On 2010-12-28, $witch wrote:
>> Wouldn't it be reasonable to develop CASCADE TREE routing as to screw
>> DoS and DDoS attacks [......]?
>
> maybe am a little bit off-topic but : why RRG need to take position
> against [D]DoS ?

It might be that flow and/or congestion control isn't now a routing
problem, but everybody knows it's a core part of Internet architecture,
and that (D)DoS is predicated upon circumventing it. So, it is a very
real problem. If it can't be solved in some other way -- the ongoing
backwards congestion signaling and pricing work springs to mind, and
even that impacts IP level functionality as it stands -- then it isn't
readily out of the question that the RRG would have to be involved at
some point.

That's not on the formal agenda, though, so for now this sort of
discussion does remain off-topic. (Personally I try to use the [ot]
marker for this stuff, to enable automatic filtering, btw.)

> maybe DDoSes are the only weapons in the hand of freedom, why do you
> like to downgrade them?

Here we're talking about not only e2e communication, but e2e, collective
incentivization. I.e. something that is very much more political,
incendiary and complicated than even state mandated policy routing. The
stuff the Big Boys and Three Letter Agencies are keenly interested in.
Would IETF/IRTF even *want* to go there?

Then if we leave out the politics and stick to the technical detail,
it's true that the only real disincentive that works from end to end is
(D)DoS. If we grant that such incentivization should be possible, that
is a technical problem because DoS is a highly wasteful and disruptive
means of communicating such information, with lots of collateral damage.
As such the proper way to address this would be to a) make DoS
impossible or uneconomic at the architecture level, and then to b)
design a low-overhead, e2e, secure, Internet Punishment Protocol to make
this kind of feedback more explicit, scalable and manageable.

It's just that... At least for me something like IPP is stuff I'd expect
to find in an April Fools' RFC. Not in any serious one.

DDoS resistant routing though sounds interesting. The HIP folks have
been thinking about that sort of thing from the start, obviously. I
wonder if some of their ideas, e.g. in the four-way handshake with
expensive challenges, could be leveraged within the core-edge-separation
work? I mean, without too much centralized computational burden; perhaps
only in connection with mobility, where the end networks are many and
lean? There and then I'd like to hear more about "cascade tree routing",
and judging by the name, also about how it might potentially connect
with MPLS and Nimrod.

--
Sampo Syreeni, aka decoy - [email protected], http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
_______________________________________________
rrg mailing list
[email protected]
http://www.irtf.org/mailman/listinfo/rrg