Hi guys,

Thanks Eugen and Greg for mailing me about this.

The answer to ID clustering attacks is that cjdns is just really lazy: it routes to the physically nearest node whose IP address is numerically closer to the destination than your own (based on KAD). Since the physical topology is friend-to-friend, the attacker is forced to have a relatively tight cluster of nodes in physical space; they can pollute their own neighborhood but not the whole network. Pollution of one physical neighborhood would likely lead to them being de-peered by their "friend" who gave them the link.

Re the recursive routing, it has two options. You can send direct to the destination at the switch level, or you can forward to any node in the network and ask them to forward to the destination. The nodes between you and the one you asked to forward will have no access to the IPv6 dest address, and if the one you are forwarding to is unfriendly, you use someone else. We've considered changing this to improve scalability but I can't figure out how to preserve this guarantee.

The most scary general attack on the idea is a node who drops 10% of the packets sent through them. I don't know how to detect it statelessly and they can do quite a bit of damage. Again though, the physical reality of the network comes into play. The nodes which carry the majority of the traffic are heavily peered core nodes, and the operators of such are unlikely to intentionally attack the network; this is the same logic which holds BGP together despite its painful frailty.

Hope that helps

Thanks,
Caleb

On 07/14/2013 04:50 PM, Eugen Leitl wrote:
> ----- Forwarded message from Mitar <mmi...@gmail.com> -----
>
> Date: Sun, 14 Jul 2013 05:55:37 -0700
> From: Mitar <mmi...@gmail.com>
> To: liberationtech <liberationtech@lists.stanford.edu>
> Subject: Re: [liberationtech] CJDNS hype
> Reply-To: liberationtech <liberationtech@lists.stanford.edu>
>
> Hi!
>
> On Sun, Jul 14, 2013 at 5:01 AM, Ralph Holz <h...@net.in.tum.de> wrote:
>> I don't see how "no need to make a decision" should be possible. If you
>> don't know any contacts in the network, how are you supposed to trust them?
>
> Ideally, you shouldn't have to trust anybody. :-)
>
> You should be able to turn on your overlay network node, it should
> connect to the network, and you should be able to communicate with
> anybody, despite somebody trying to censor you.
>
> Sadly, it seems we are not yet there. Or maybe we will never be.
>
>> First of all, they use recursive routing instead of iterative lookups
>> (that's important to deal with the attacker on the IP level). Then they
>> use a random walk to get around a tactically acting attacker trying to
>> occupy important spots in the network, before they switch to the normal
>> routing.
>
> It seems CJDNS is using the recursive routing approach? But isn't it so
> that it is enough that in the whole routing path you get only one
> adversary node and this node can black hole your packets?
>
>
> Mitar
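A toy model of the forwarding rule Caleb describes above (hand the packet to the physically nearest node whose address is numerically closer to the destination than your own, using the Kademlia XOR metric), added here as an illustration; it is not code from the thread or from cjdns. The six-node friend-to-friend graph, the 4-bit addresses, hop count as the stand-in for "physical" closeness, and each node knowing the whole graph are constructed assumptions.

```python
"""Toy model of greedy KAD-style forwarding over a friend-to-friend graph.
Constructed example: topology, addresses and the use of BFS hop count as
'physical distance' are assumptions, not cjdns's real data structures."""
from collections import deque


def xor_distance(a: int, b: int) -> int:
    """Kademlia metric: XOR of two addresses, compared as an integer."""
    return a ^ b


def hop_counts(graph: dict, start: str) -> dict:
    """BFS hop count from start over the friend links (our 'physical' distance)."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for peer in graph[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist


def next_hop(graph: dict, addrs: dict, here: str, dest_addr: int):
    """Physically nearest node whose address beats our own XOR distance to dest.
    Returns None when nothing is closer than we are (i.e. we are the destination)."""
    own = xor_distance(addrs[here], dest_addr)
    hops = hop_counts(graph, here)
    closer = [n for n in hops if n != here and xor_distance(addrs[n], dest_addr) < own]
    if not closer:
        return None
    # fewest hops first; tie-break on address distance so the choice is deterministic
    return min(closer, key=lambda n: (hops[n], xor_distance(addrs[n], dest_addr)))


def route(graph: dict, addrs: dict, src: str, dst: str, max_steps: int = 20) -> list:
    """Nodes that are asked to forward (and therefore see the destination address).
    Switch-level transit nodes between two forwarders do not appear in this list."""
    path = [src]
    while path[-1] != dst and len(path) <= max_steps:
        nxt = next_hop(graph, addrs, path[-1], addrs[dst])
        if nxt is None:
            break
        path.append(nxt)
    return path


# Constructed topology (undirected friend links) and 4-bit addresses.
GRAPH = {"A": ["B"], "B": ["A", "C", "E"], "C": ["B", "D"], "D": ["C"], "E": ["B", "F"], "F": ["E"]}
ADDRS = {"A": 0b0001, "B": 0b0110, "C": 0b1010, "D": 0b1100, "E": 0b0011, "F": 0b1111}

if __name__ == "__main__":
    print(route(GRAPH, ADDRS, "A", "D"))  # ['A', 'B', 'C', 'D']
    print(route(GRAPH, ADDRS, "F", "A"))  # ['F', 'E', 'A']: B carries it only at the switch level
```

In the second route E hands the packet straight to A, so B relays it at the switch level without ever being a forwarder, which is the "no access to the IPv6 dest address" property from the reply.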