Stephane Bortzmeyer wrote: > On Fri, Dec 17, 2010 at 04:03:06PM +0100, > Loic Dachary <l...@dachary.org> wrote > a message of 100 lines which said: > > >> A user finds the answer to question Q by sending a request to the >> DHT node responsible for Q (the question Q is hashed into a DHT >> key). A malicious node may try to impersonate the node responsible >> for Q and return an answer that is irrelevant. >> > > Why does it need to impersonate? It can simply join the DHT and then > be authoritative for a subset of the keys and reply what it > wants. That's the biggest problem with open DHTs (closed, one-shop > DHT, like those used at Google, Skype or Facebook are a different > matter). > > I was trying to think of a security problem specific to the application. Instead I described an open DHT specific problem from the perspective of the application, which is not a useful thing to do.
Do you think GNUnet approach to cope with Sybil attacks is a good direction to lower the risks ? Another approach may be that the application (Seeks) support the creation of closed DHT. Each node would need to obtain credentials from a trusted authority before joining a designated ring. The simplest setup could be a central server delivering certificates. Each node would check the validity of the certificate before trusting incoming data from a new node. A loser setup could be that each node trusts incoming data from a node if and only if it belongs to a PGP trust ring, similar to Debian. From what you are saying I understand that there is a tradeoff between open DHT and security. Access control to a DHT makes it less open and increases the security by adding rules that each node must obey, in addition to the DHT protocol, before trying to join the DHT. GNUnet gives solutions to improve the security of open DHT, closing the DHT adds a frontier that makes it more difficult for a malicious node to join. In the context of a collaborative search software, it may be acceptable to implement access restrictions without jeopardizing a wide adoption. Am I making any sense ? I would not be offended if you tell me I'm completly wrong as it's new subject for me ;-)
<<attachment: loic.vcf>>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
