[p2p-hackers] P2P Authentication
Alen Peacock
alenlpeacock at gmail.com
Thu Oct 27 17:17:24 UTC 2005
On 10/27/05, Davide Carboni <dcarboni at gmail.com> wrote:
> ...You can even drop a
> bomb on the CA and the network keeps working. The only side effect is
> that new peers that have not a certificate yet, cannot join.
I'll concede this point to you and Kerry willingly, for some
classes of p2p networks. But for other classes, disabling new peers
joining is almost as catastrophic as disabling the entire network --
certainly from a usability perspective, if this type of attack is
common (which it will be if easy to mount), then this could be a major
roadblock to adoption for users. As an example, imagine a well-heeled
adversary (such as the RIAA) disabling a p2p filesharing application
by attacking its CAs. If your new users are not persistent, they'll
get turned away and not come back. And from the p2p churn studies
I've seen, you get a lot of "new users." Again, may not apply to all
p2p networks.
Alen