[p2p-hackers] P2P Authentication

Roop Mukherjee bmukherj at shoshin.uwaterloo.ca
Thu Oct 27 18:23:09 UTC 2005


One may argue that 'pure' P2P authentication would not have traditional 
PKI like trusted CAs simply because that would mean some nodes are 
inherently more trusted than others. What you would want in P2P 
authentication would be some way in which all nodes start off as equals 
but through subsequent rounds of protocol or through added context build 
trust that would allow authentication. Some sort of reputation system 
(like http://ccs.mit.edu/dell/reputation.html) with persistence would be 
useful.

In my opinion a practical solution would involve a combination of 
asymmetric key cryptography and a reputation system, where all 
CAs are treated as fallible nodes but can build their reputations.

-- Roop
__________________________________________________________
www.shoshin.uwaterloo.ca/~bmukherj

On Thu, 27 Oct 2005, Alen Peacock wrote:

> On 10/27/05, Kerry Bonin <kerry at vscape.com> wrote:
>> I think some people are put off by the size and
>> complexity of the libraries involved,
>
>  Personally, I'm put off by the centralization.  I'm not really
> concerned about the library size or complexity of PKI.  In fact, my
> experience indicates that implementing centralized CAs is a good deal
> less complex than trying to distribute identity verification
> throughout the system with no centralization.
>
>  Completely decentralized p2p applications have the advantage of
> being especially resilient to DoS and other attacks on centrality.
> Introducing centralized components negates this advantage.  In the
> case of using CAs in a p2p app, the entire network can be disabled by
> attacking the CAs.
>
>  p2p networks pose an interesting challenge because you have to
> design for the fact that malicious or misbehaving clients *will* be
> present.  Since there is no single entity or known group of entities
> controlling the nodes (as in typical distributed applications), there
> is no way to enforce adherence to protocols other than with the
> protocols themselves.  This may sound idealistic and naive, perhaps
> justly so, but the further away from protocols that require
> centralized architectures we get, the better (IMHO, of course).
>
>  Alen


