[p2p-hackers] How Piracy Will Hyperlocalize with Mesh Networks

Michael Blizek michi1 at michaelblizek.twilightparadox.com
Sat Jan 22 07:16:48 EST 2011


Hi!

On 09:35 Sat 22 Jan     , Eugen Leitl wrote:
> On Sat, Jan 22, 2011 at 08:00:45AM +0100, Michael Blizek wrote:
...
> > Besides IPv6 is as broken as IPv4 in meshes. It provides zero security,
> 
> I'm seeing a loophole in IPv6 by way of providing a local /64 which
> is effectively scratch space. This would prepare the way for geographic
> routing when the table space growth goes exponential again.

In how far is this geographic routing supposed to help? Finding routes to the
other end of the mesh which you do not use anyway?

> > privacy and a single high-bandwidth application can slow everything down
> > extremely - and there is close to nothing you can do about this. The only
> > thing IPv6 does slightly better in meshes than IPv4 is automatic address
> 
> Positioning information is a good source of automatic address assignment,
> and there's machinery (DAD) helping you to deal with rare collisions.

Well, let's see which possibilities exist for defining addresses:
1) You have a very small address space and search the network to see if your
   randomly generated address is already in use before you use it.
2) You have a big address space and just generate an address and assume nodody
   else uses it.
3) You use public keys of a public-private key crypto to make sure nobody can
   "take over" somebody else's address.

If IPv6 can not even do 2 without any quirks it has *zero* reason for
existance in mesh networks. Not even "the outside is using IPv6" (they are
 *not*) is an argument, because you usually want to create an encrypted tunnel
to the exit node anyway.

> > assignment - and even this probably is not that hard to do in IPv4 unless you
> > have extreme situations.
> 
> IPv4 is dead, Jim.

IPv4 is *not* dead. Everybody is using it. I do not know a single ISP who
provides it to their customers. Besides IPv6 is close to being the worst you
can do from a privacy point of view. Getting rid of NAT is a very bad idea.
Having the last 64 bits globally unique no matter where you more is very bad
is well. Even privacy extensions (*if* used) are not as good, because addresses
will not get reused. Having the first 64 bits static is even worse. I seriously
doubt that it is not even necessary. Providers start implementing carrier side
NAT and if done right (with UPnP or other means of forwarding ports without
user intervention), this can be a significant privacy gain without any side
effects.

Yes I know how much application can be fingerprinted, but this does not mean
that we should constantly be adding ever more identifying information.

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com



More information about the p2p-hackers mailing list