[p2p-hackers] unhappy realization: Kademlia doesn't self-heal

Alen Peacock alenlpeacock at gmail.com
Tue Jan 17 03:38:44 UTC 2006


On 1/16/06, Priyanka Sinha <mottee at gmail.com> wrote:
>
> Hi
> hmm .. was reading the UIP document, and was wondering whether self
> certifying identities may well be replaced by normal MAC ids .. or perhaps
> in the light of security some kind of trusted MAC ids..
> am kinda new at thinking abt this stuff.. so would appreciate any comments
> on this
> :)
>


In large part, the answer depends on what you mean by MAC ID.  If you are
talking about the internet at large, you are talking about Ethernet MAC
addresses, no?  These addresses are 100% configurable for most Ethernet
cards, and thus 100% spoofable.  So they'd only be useful if you assume that
no malicious nodes will participate in the network (which is, I think you'd
agree, a naive assumption)[*1], and only if you don't want to tie any useful
information to the ID (such as trust or reputation metrics).

Of course if you are talking about wireless LANs, it's a different
ballgame.  The 802.11 family utilizes the MAC layer precisely to do things
like authentication.  But even here, the schemes are likely less useful than
self-certifying identities.  For example, most schemes rely on a shared
secret for authentication (WEP keys), and shared secrets certainly don't
scale to the scope of most p2p applications.

  Alen


[*1] - the nodes don't even need to be malicious -- when I was in college,
the IT department bought some cheap consumer-grade NICs in bulk to
distribute to on-campus housing.  It turns out that the manufacturer, for
whatever reason, shipped hundreds of these NICs with the same MAC address,
wreaking general havoc on the initial network deployment.
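
An added example, not part of the original message or of the UIP document: it shows why a self-certifying identity holds up where a configurable MAC address does not, because the ID is derived from a public key and a claim is accepted only with a signature over the verifier's nonce. Ed25519, truncated SHA-256, and every type and function name here are assumptions chosen for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NodeID is 160 bits wide, the ID size Kademlia uses.
type NodeID [20]byte

// Claim is what a peer presents: ID, key, and a signature over the nonce.
type Claim struct {
	ID  NodeID
	Pub ed25519.PublicKey
	Sig []byte
}

// DeriveID binds the ID to the key: first 160 bits of SHA-256(pub).
func DeriveID(pub ed25519.PublicKey) (id NodeID) {
	h := sha256.Sum256(pub)
	copy(id[:], h[:])
	return id
}

// NewIdentity generates a key pair and the ID derived from it.
func NewIdentity() (NodeID, ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error ignored for brevity
	return DeriveID(pub), pub, priv
}

// Respond answers a challenge for id by signing the nonce with priv.
func Respond(id NodeID, pub ed25519.PublicKey, priv ed25519.PrivateKey, nonce []byte) Claim {
	return Claim{ID: id, Pub: pub, Sig: ed25519.Sign(priv, nonce)}
}

// Verify requires ID == hash(key) and a valid signature over the nonce.
func Verify(c Claim, nonce []byte) bool {
	return len(c.Pub) == ed25519.PublicKeySize && DeriveID(c.Pub) == c.ID &&
		ed25519.Verify(c.Pub, nonce, c.Sig)
}

func main() {
	idA, pubA, privA := NewIdentity()
	_, pubM, privM := NewIdentity()        // a second node that reuses A's ID
	nonce := []byte("constructed nonce 1") // use a fresh random nonce per challenge
	fmt.Println("owner:", Verify(Respond(idA, pubA, privA, nonce), nonce))
	fmt.Println("reused ID:", Verify(Respond(idA, pubM, privM, nonce), nonce))
}
```

A node that merely copies another node's ID, the equivalent of reconfiguring a MAC address, fails the check because it cannot produce a key that hashes to that ID together with a valid signature.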