[liberationtech] CJDNS hype
Caleb James DeLisle
calebdelisle at lavabit.com
Sun Jul 14 20:28:19 PDT 2013
On 07/14/2013 10:00 PM, Mitar wrote:
> Hi!
>
> On Sun, Jul 14, 2013 at 10:25 AM, Caleb James DeLisle
> <calebdelisle at lavabit.com> wrote:
>> The most scary general attack on the idea is a node who drops 10% of the
>> packets sent through them. I don't know how to detect it statelessly and
>> they can do quite a bit of damage.
>
> Exactly. You don't have to black hole everything, just enough to make
> the network behave badly.
If you blackhole everything then the network routes around you.
The obvious example is when a node disconnects/reboots/etc.
>
>> Again though the physical reality of the network comes into play.
>
> A "physical reality" in your case means the tunnels between nodes, not
> necessarily the real-world physical distance?
>
> So you have tunnels between nodes and you assume that those tunnels
> are established based on some trust?
>
> And you route along the tunnels? I thought that you route along the
> Kademlia distance between keys of nodes. So if my key ID is closer to
> node B than to node C, I send packet to node B. And it does not matter
> how the tunnels are setup. It seems I misunderstood something then.
> This is then quite different than Kademlia. And from whitepaper:
>
> "The "address space distance" between any two given addresses is
> defined as the of the result of the two addresses XOR'd against one
> another, rotated 64 bits, then interpreted as a big endian integer."
>
> So where does this definition of distance take into account that
> there is trust between two addresses but no trust between some other
> two addresses?
>
It's similar to Virtual Ring Routing
research.microsoft.com/pubs/75325/virtualring.pdf
There is a physical network and a virtual DHT, it uses the DHT to find
paths through the physical network and because the physical network is
invite-only, most of the "I'll connect 10,000 fake nodes" type attacks
just don't make sense.
You'd need a botnet to attack the network because then you could have
nodes spread out over physical space but clustered in keyspace.
Thanks,
Caleb
>
> Mitar
>
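
The whitepaper sentence quoted in the message above, worked as an added example (not code from cjdns or from either participant in this thread). It assumes addresses are 128-bit values written in IPv6 notation; the addresses and function names are constructed for illustration. It compares the rotated metric with plain Kademlia-style XOR and shows that the metric takes only the two addresses as input.

```python
import ipaddress

MASK128 = (1 << 128) - 1


def rotate64(value: int) -> int:
    """Rotate a 128-bit value by 64 bits, which swaps its two 64-bit halves."""
    return ((value << 64) | (value >> 64)) & MASK128


def plain_xor_distance(a: str, b: str) -> int:
    """Kademlia-style distance: XOR of the two addresses as big-endian integers."""
    return int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))


def address_distance(a: str, b: str) -> int:
    """Distance as quoted from the whitepaper: XOR, rotate 64 bits, read big-endian."""
    return rotate64(plain_xor_distance(a, b))


def rank_by_distance(target: str, candidates, metric=address_distance):
    """Return candidates ordered from nearest to farthest under the given metric."""
    return sorted(candidates, key=lambda c: metric(target, c))


# Constructed sample addresses (assumption: 128-bit, IPv6 notation).
TARGET = "fc00:0:0:1:0:0:0:1"
PEER_A = "fc00:0:0:1:0:0:0:ff"   # differs from TARGET only in the last 64 bits
PEER_B = "fc00:0:0:ff:0:0:0:1"   # differs from TARGET only in the first 64 bits
PEER_C = "fc00:0:0:1:0:0:0:3"    # differs from TARGET by one bit in the last 64 bits
PEERS = [PEER_A, PEER_B, PEER_C]

if __name__ == "__main__":
    for name, metric in (("rotated", address_distance), ("plain xor", plain_xor_distance)):
        print(name)
        for peer in rank_by_distance(TARGET, PEERS, metric):
            print(f"  {peer:<22} {metric(TARGET, peer):#034x}")
```

After the rotation, differences in the last 64 bits of an address dominate the comparison, so the ordering of the same three peers is different from the plain XOR ordering. Nothing about links, tunnels or trust between nodes enters the calculation.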