Hello all.

Regarding the paper titled "Securely-Entrusted Multi-Topology Routing for 
Community Networks" by Axel Neumann (CC'd) et al., I failed to find which of 
the mailing lists the PDF link was posted to originally (and by whom), but now 
I have looked through my hard copy of the paper and would like to note a couple 
of things of interest.

My current understanding of the SEMTOR mechanism is that it uses an explicit 
pre-agreed list of node IDs that belong to a trusted sub-graph. This list would 
then be provisioned into each node, which would then filter non-trusted nodes 
out when routing a specific set of network prefixes of concern.

I have thought about it and it seems to me that as the size of the trusted 
graph grows, the total combined size of the deployed configuration will grow 
faster (n*n). This makes it much more difficult to add the 100th node to a 
99-node graph than it is to add the 10th node to a 9-node graph. Also as far as I understand 
it, the pre-agreed list of the trusted nodes cannot be amended online without 
losing the association with the peer nodes because the set is represented by 
the hash value of its contents and as soon as one has changed it in one place, 
the old [different] hash will be filtered out. In other words, compared to a 
pre-shared key method I see operational disadvantages and don't see a gain. If 
anyone can point me in a better direction to understand, that would be nice.

Another thing, as the paper explains, is the same old link spoofing attack and 
the same attacks a rogue node can do on the transit payload. For this 
SEMTOR doesn't itself claim to be a solution and doesn't refer to some other 
ultimate solution but does include a discussion of possible detection by means 
of monitoring. So the good news is that the problem statement is consistently 
understood by different people. That said, the solution is still unknown. I 
would be glad to hear if anyone has anything to add to this.

-- 
    Denis Ovsienko


_______________________________________________
Babel-users mailing list
Babel-users@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
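
A small model of the two operational points raised in the message above, added here as an illustration and not taken from the SEMTOR paper or its implementation: how the deployed configuration grows with the trusted set, and how a node-by-node update splits the set while two digests coexist. The SHA-256 encoding of the sorted ID list, the node names, and the rule that nodes associate only when their list digests match are assumptions based on the message's description.

```python
import hashlib

def set_digest(node_ids):
    """Digest identifying a trusted set (assumed: SHA-256 of sorted, newline-joined IDs)."""
    canonical = "\n".join(sorted(node_ids)).encode()
    return hashlib.sha256(canonical).hexdigest()

def total_config_entries(n):
    """Every one of the n trusted nodes stores the full n-entry list."""
    return n * n

def staged_rollout(old_set, new_node):
    """Push the amended list to one node at a time.

    Returns, for each step, the sorted sizes of the groups of nodes that
    currently hold the same digest and can therefore still associate.
    """
    new_set = frozenset(old_set) | {new_node}
    deployed = {node: frozenset(old_set) for node in old_set}
    deployed[new_node] = new_set          # the newcomer starts with the new list
    history = []
    for node in sorted(old_set):
        deployed[node] = new_set          # operator updates this node
        groups = {}
        for member, cfg in deployed.items():
            groups.setdefault(set_digest(cfg), []).append(member)
        history.append(sorted(len(g) for g in groups.values()))
    return history

if __name__ == "__main__":
    # Constructed sample: a 9-node trusted set gaining a 10th node.
    nine = {f"n{i:02d}" for i in range(1, 10)}
    for n in (10, 100):
        extra = total_config_entries(n) - total_config_entries(n - 1)
        print(f"adding node {n}: {n} nodes to touch, {extra} more list entries overall")
    for step, sizes in enumerate(staged_rollout(nine, "n10"), start=1):
        print(f"after updating {step} node(s): groups sharing a digest = {sizes}")
```
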