[p2p-hackers] P2P Authentication

Kerry Bonin kerry at vscape.com
Fri Oct 28 01:43:33 UTC 2005 

Misbehaving CA proxies present no threat other than revealing of the CA 
IPs, as any peer can know immediately if a CA is valid by examining its 
certificate or the trust chain of an issued cert.  If the list of 
trusted roots is distributed w/ the original application, or if the CAs 
derive from an OS installed trusted root, it is impossible to 
impersonate one without first obtaining the private keys of one of the CAs.

That's why I like using a PKI w/ p2p - the only real attack vector is 
against the CAs, and there are ways to hide them well (onion routing).  
Legal attacks would have to shut down all CAs to take down the network, 
which remains possible.  I'm not architecting my system for file 
sharing, I'm actually building MMORPG infrastructure, so the legal 
attack is less of an issue for me, I'm focusing on technical attacks.

Alen Peacock wrote:

>On 10/27/05, Kerry Bonin <kerry at vscape.com> wrote:
>  
>
>> There is also a simple way to harden against this - never publish the CA
>>IPs to the network, only publish (D[s]HT) a list of current proxies that can
>>access the CAs.  Attacking the CAs then means attacking the proxies, and any
>>known CA addresses.  During an attack, it is possible to republish the proxy
>>list.  If your attackers are following the CA proxy list then you have a
>>larger problem, but that can also be mitigated by exponentially increasing
>>the active proxy list, which is simple if this proxy service is part of the
>>peer protocol suite.  This may expose more CA IPs via compromised nodes, but
>>using a second layer of proxies selected by uptime or other trust metrics
>>can further limit.  It is also possible to use "honey pot" strategies to
>>identify which proxies are leaking CA IPs.  This approach, plus using a
>>connect protocol that includes DDOS resistance like client puzzles, the
>>attacker has quite a hard time taking down the CA's.  There are more tricks,
>>these are just some of my favorite...
>>    
>>
>
>  Who controls the CA proxies in this scheme?  If the "proxy service
>is part of the peer protocol suite" (I interpret this to mean that the
>proxies are just as untrusted as regular peers, or /are/ the regular
>peers), then you now have to worry about malicious and misbehaving
>proxies, which could provide an even bigger avenue of attack than the
>original set of CAs, no?  I'm sure you've thought about this and
>probably have some countermeasures to mitigate these effects too, but
>I wonder if it doesn't start to look like a rabbit hole?...
>
>  Alen
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://zgp.org/pipermail/p2p-hackers/attachments/20051027/89e37d04/attachment.htm

More information about the P2p-hackers mailing list