Ian Clarke wrote:
>> 1) a selfish or malicious node can connect to a large number of opennet
>> nodes and use its 'fair share' of capacity at each one
> 
> Why shouldn't a node with sufficient bandwidth be permitted to connect
> to as many other nodes as it can legitimately serve?

That's fine if you can be sure that all those connections come from
different individuals, as you can in the darknet. But in an opennet you
could be handing all your bandwidth over to an attacker who controls
multiple nodes (or just multiple IP addresses - which will be easy if
IPv6 ever gets off the ground).

Imagine an attacker with a 10 or 100 Mb/s connection - currently, the
amount of load the attacker can place on the network is limited not only
by his own bandwidth, but by the bandwidth of his peers. Unless a huge
number of people trust him, he won't be able to use all his bandwidth to
place load on the network. But in an opennet, he could inject traffic
through every opennet node as well as through his darknet peers.

> BitTorrent seems to get along just fine using tit-for-tat without the
> need for negative reputation - all reputation is positive and must be
> earned.  Why can't we do the same?

Because BitTorrent doesn't have to deal with inserts. Responses to
requests can be verified, but it's not possible to verify responses to
inserts, so a tit-for-tat mechanism that measures the number of inserts
creates an incentive to lie ("sure, I inserted that file"), and a
tit-for-tat mechanism that doesn't measure the number of inserts creates
an incentive to drop inserts in favour of whatever the mechanism does
measure.

This probably isn't an insoluble problem - Matthew suggested some kind
of audit mechanism last time it came up - but it isn't something that
should be glossed over either. If we need an audit mechanism and a
tit-for-tat mechanism to make opennet safe then we're a long way from
deployment (and hopefully the darknet will continue to grow in the
meantime).

Cheers,
Michael
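The incentive argument in the message above, as an added toy model that is not part of the original message or of Freenet's code. It assumes SHA-256 content-hash keys, a unit cost per served request or stored insert, and three hypothetical peer strategies ("honest", "liar", "dropper"); all data is constructed.

```python
import hashlib

def key_for(data: bytes) -> str:
    """Content-hash key (assumed SHA-256): lets a requester verify returned data."""
    return hashlib.sha256(data).hexdigest()

class Peer:
    """Hypothetical peer; each served request or stored insert costs 1 unit of budget."""
    def __init__(self, strategy: str, budget: int):
        self.strategy, self.budget, self.store = strategy, budget, {}

    def handle_request(self, key, network):
        if self.budget < 1:
            return None
        self.budget -= 1
        return network.get(key)

    def handle_insert(self, key, data) -> bool:
        if self.strategy == "dropper":
            return False      # refuses inserts, keeps budget for requests
        if self.strategy == "liar":
            return True       # claims the insert happened: free, nothing stored
        if self.budget < 1:
            return False
        self.budget -= 1
        self.store[key] = data
        return True

def run(strategy: str, budget: int = 10, rounds: int = 10) -> dict:
    """Offer interleaved inserts and requests; tally what a neighbour can observe."""
    network = {key_for(b"doc%d" % i): b"doc%d" % i for i in range(rounds)}
    peer = Peer(strategy, budget)
    verified = acks = 0
    for i in range(rounds):
        new = b"insert%d" % i
        acks += peer.handle_insert(key_for(new), new)   # ack must be taken on faith
        key = key_for(b"doc%d" % i)
        reply = peer.handle_request(key, network)
        # A request reply can be checked against the key it was asked for.
        verified += reply is not None and key_for(reply) == key
    return {"with_inserts": verified + acks,   # tit-for-tat that counts inserts
            "requests_only": verified,         # tit-for-tat that ignores inserts
            "stored": len(peer.store)}         # invisible to the neighbour

if __name__ == "__main__":
    for s in ("honest", "liar", "dropper"):
        print(s, run(s))
```

Under either scoring rule the honest peer never comes out ahead, while only the honest peer actually stores anything.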