<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
In a p2p PKI, attacking the CA[s] does NOT take down the network, it
only prevents new users from joining during the attack! <br>
<br>
There is also a simple way to harden against this - never publish the
CA IPs to the network, only publish (D[s]HT) a list of current proxies
that can access the CAs. Attacking the CAs then means attacking the
proxies, and any known CA addresses. During an attack, it is possible
to republish the proxy list. If your attackers are following the CA
proxy list then you have a larger problem, but that can also be
mitigated by exponentially increasing the active proxy list, which is
simple if this proxy service is part of the peer protocol suite. This
may expose more CA IPs via compromised nodes, but using a second layer
of proxies selected by uptime or other trust metrics can further
limit. It is also possible to use "honey pot" strategies to identify
which proxies are leaking CA IPs. This approach, plus using a connect
protocol that includes DDOS resistance like client puzzles, the
attacker has quite a hard time taking down the CA's. There are more
tricks, these are just some of my favorite...<br>
<br>
Alen Peacock wrote:
<blockquote
cite="midffe450f90510270745sb1c8a99h6cbbf860c3c4f14b@mail.gmail.com"
type="cite">
<pre wrap="">On 10/27/05, Kerry Bonin <a class="moz-txt-link-rfc2396E" href="mailto:kerry@vscape.com"><kerry@vscape.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I think some people are put off by the size and
complexity of the libraries involved,
</pre>
</blockquote>
<pre wrap=""><!---->
Personally, I'm put off by the centralization. I'm not really
concerned about the library size or complexity of PKI,. In fact, my
experience indicates that implementing centralized CAs is a good deal
less complex than trying to distribute identity verification
throughout the system with no centralization.
Completely decentralized p2p applications have the advantage of
being especially resilient to DoS and other attacks on centrality.
Introducing centralized components negates this advantage. In the
case of using CAs in a p2p app, the entire network can be disabled by
attacking the CAs.
p2p networks pose an interesting challenge because you have to
design for the fact that malicious or misbehaving clients *will* be
present. Since there is no single entity or known group of entities
controlling the nodes (as in typical distributed applications), there
is no way to enforce adherence to protocols other than with the
protocols themselves. This may sound idealistic and naive, perhaps
justly so, but the further away from protocols that require
centralized architectures we get, the better (IMHO, of course).
Alen
_______________________________________________
p2p-hackers mailing list
<a class="moz-txt-link-abbreviated" href="mailto:p2p-hackers@zgp.org">p2p-hackers@zgp.org</a>
<a class="moz-txt-link-freetext" href="http://zgp.org/mailman/listinfo/p2p-hackers">http://zgp.org/mailman/listinfo/p2p-hackers</a>
_______________________________________________
Here is a web page listing P2P Conferences:
<a class="moz-txt-link-freetext" href="http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences">http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences</a>
</pre>
</blockquote>
<br>
</body>
</html>