[mnet-devel] Grid Of Trust -- pre-design

Some Guy amichrisde at yahoo.de
Wed Dec 10 12:31:27 GMT 2003 

 --- Jim Dixon <jdd at dixons.org> wrote: 
> On Tue, 9 Dec 2003, [iso-8859-1] Some Guy wrote:
> 
> > > My real argument is that the big flat p2p networks that were proposed
> > > around 1999-2001 are sitting ducks, easy targets for adversaries with any
> > > resources. The next generation of p2p systems must be small, fluid, hard
> > > to hit.  In military terms, the old-style networks are like Saddam
> > > Hussain's big, soft, clumsy army.  New network architectures must be more
> > > like al Quaida, built around personal trust.  They should be easy to
> > > build, so that you think nothing of throwing them away.  They should
> > > expect and react gracefully to attacks, fragmenting if necessary.  They
> > > should be modular, so that if a better way of solving problems comes
> > > along, you can just plug it in.  All of this makes it difficult for an
> > > adversary to see them, let alone take action against them.
> >
> > I see things going 1 of 2 ways.  A large efficient network, built like
> > a phalanx.  Where we all stand together.  This type of a network needs
> > to be so damn useful that like the Internet they won't try to outlaw
> > it.
> 
> Saddam would be proud of you.

Alexander the Great, might be proud of me to.  It's funny what a few thousand guys can pull off in
a just few years.  Everyone just had to stick to the drill and stay in formation.
 
> The guys with the machine guns would delight in the neat, orderly ranks of
> targets.  :-)

Hmmm, not if orderly ranks include tanks, aircraft carriers, and the lot.  Yes, if the battle is
asymetric you may need to run to the hills.  I'd like to think we don't have to.  That the people
that the RIAA live off of can hold thier ground, because they have more resources.  If there is
conclusive evidence to the contrary, ok we'll do plan B until we can do plan A again.
 
> > > But I have _never_ suggested building a global DHT.  What I have suggested
> > > is designing an infrastructure that can be used to implement p2p networks
> > > of all sizes, using a variety of techniques.
> >
> > Ahhhhhh, well I am out to build a global DHT and a global premix.
> > United it can stand divided it'll get killed.  Sure you and a dozen
> > friends can all authenticate each other and make a 12 man DHT, it'll
> > be 12 times as resistant to DoS, but if you're worried about the jerk
> > with 2^14 CPUs lieing around I'm not sure what the points is.
> 
> In fact I am not worried about the guys with the 2^12 CPUs or for that
> matter the guys with real firepower.  

Really well then my design shouldn't bother you.

> I don't propose to stand up and be
> dutifully mowed down.  

How many of us can they really mow down anyway?

> The idea is to build ad-hoc networks of all sizes
> and for all purposes, none of which would look like a natural target.

That was the point of the design; the nodes an advesary wants to strike won't be known to him. 
Unless he's dedicated insain resources.

> Some of these networks might still get hit.  If they are properly
> designed, they should just fragment and reform into different, smaller
> networks, networks that might later coalesce back into larger and possibly
> different networks.
> 
> The point is: don't be a target.

Right GOT hides the target randomly.  It's kind of a witness protection program.  Sure you might
exicidentally place the witness next door to Mr. Mafia's cousin, but the chances are small.

> And then: don't make wrong assumptions about who the Adversary will be.

I've limited the Adversary to someone with large resources.  It's like the old 80 bit encryption. 
If they have a butt load of resources, they can crack it.  If you want to point out another
securtiy flaw feel free.  I think I've covered the major ones.
 
> My experience is that the Adversary first and foremost will be --
> configuration errors.

Sure if I screw up on implementation, securty can get screwed up.  I really don't want to put to
much in to configuare, users just want a program they download, install, and run.  Ok maybe my
install takes a day, it's better than having to configure trust tables and routing.  I want it all
to be automatic.

> Right behind will be the script kiddies, people whose idea of a joke is
> taking a network down.  They often have thousands of CPUs at their
> disposal.

You think they have 2^14 CPUs they can dominate without anyone noticing?  What about the flood
bandwidth they'll need to flood say 1000 nodes afterwards.  If every script kiddie can easily get
ahold of resources like this, maybe it's time to think of setting up a P2P net using those
resources. :-)  Not to sure about the ethics in that.

> > > The large clusters, of course, will doubtless be global DHTs.  But they
> > > will overlap, with many people belonging to more than one cluster - and
> > > casually copying data from one to another.
> > >
> > > If the objective is anonymity, this is how to attain it.
> >
> > In order to get anonymity you're going to have to mix with people you
> > don't know.  If it's only you and your 11 friends you're only 1/12th
> > anonymous.
> 
> In order to be anonymous, you must have crowds.  Hashcash drives away the
> crowds, as would a requirement for a dedicated 10G hard drive or burning
> bandwidth 24x7 in constant recertification.

How are you going to get crowds in a system based only on real world trust?  Sure I can find a
couple of people I know won't screw me.  That doesn't scale to a large crowd.

> Anonymity requires lots of people, which means networks that are
> user-friendly: flexible, easy to discard, cheap, hard to target,
> ubiquitous, and easy, very easy, to use.

Anonymity requires some way of limiting the number of people participating in the protocol.  My
proposal uses resource limitation.  I think you're proposing transitive trust or something. 
Perhaps you've got some cool idea using flow graphs of trust or something.  Whatever you've got go
ahead and explain how I'm supposed to get 1/10000 anonymity if I only know 10 people using the
program?


__________________________________________________________________

Gesendet von Yahoo! Mail - http://mail.yahoo.de
Logos und Klingeltöne fürs Handy bei http://sms.yahoo.de


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
mnet-devel mailing list
mnet-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel

More information about the Mnet-devel mailing list