Re: [Din] I-D: The R5N Distributed Hash Table
Christian Huitema <huitema@huitema.net> Mon, 29 August 2022 17:18 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: din@ietfa.amsl.com
Delivered-To: din@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 576E3C152571 for <din@ietfa.amsl.com>; Mon, 29 Aug 2022 10:18:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6TtMVJJjBm6k for <din@ietfa.amsl.com>; Mon, 29 Aug 2022 10:18:38 -0700 (PDT)
Received: from mx36-out21.antispamcloud.com (mx36-out21.antispamcloud.com [209.126.121.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29635C1524DC for <din@irtf.org>; Mon, 29 Aug 2022 10:18:38 -0700 (PDT)
Received: from xse121.mail2web.com ([66.113.196.121] helo=xse.mail2web.com) by mx259.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1oSiP0-000LA4-00 for din@irtf.org; Mon, 29 Aug 2022 19:18:36 +0200
Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4MGcb96mvsz2dT for <din@irtf.org>; Mon, 29 Aug 2022 10:18:13 -0700 (PDT)
Received: from [10.5.2.49] (helo=xmail11.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1oSiOr-0006Vm-Om for din@irtf.org; Mon, 29 Aug 2022 10:18:13 -0700
Received: (qmail 5709 invoked from network); 29 Aug 2022 17:18:13 -0000
Received: from unknown (HELO [10.32.61.229]) (Authenticated-user:_huitema@huitema.net@[192.0.32.236]) (envelope-sender <huitema@huitema.net>) by xmail11.myhosting.com (qmail-ldap-1.03) with ESMTPA for <mschanzenbach@posteo.de>; 29 Aug 2022 17:18:12 -0000
Message-ID: <25a166db-b191-f73e-9e3d-3bf67f8346ee@huitema.net>
Date: Mon, 29 Aug 2022 10:18:10 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0
Content-Language: en-US
To: "Schanzenbach, Martin" <mschanzenbach@posteo.de>, din@irtf.org
References: <FEA8D5F6-AB8F-47F8-B511-7587CCD5F0EB@posteo.de>
From: Christian Huitema <huitema@huitema.net>
In-Reply-To: <FEA8D5F6-AB8F-47F8-B511-7587CCD5F0EB@posteo.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: 66.113.196.121
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.196.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9WLQux0N3HQm8ltz8rnu+BPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5wAnfCnTCZunuP0OK3Vuj0Pj3CSdYahsEhiizd3WfZtEZmn ZD/pAtNB7YrU7iybBv3lYLLlWSy3OGfGBNeqx2anHyJxjDLo4/ugN15VVJm4KWrxEaaKeSxe0Wrx 6M4G5/Wm4Zd53xWOh54QqC5fJ2uRABqbhd9afmijQ70GfGsAYVxh7hoyMoWHMkqYfQEaAmsLx37j FXSWNb1fNzg7BhSepbt3W3gfNnuKkqGP09ZKLP25Cgscc2Nqd9azmDa4ZbYxn04qRLKGrOrEzQDq o2Fe5e0H1p2YD3fIDgqE3F/hSENKwnAR2oVisY+bnEqWCKi5klmK1va3wJScg92pg//jdNpXP/ul EV6DIUDLc0Yd6iTlYE+Zcn8p1rPpG64P1y7nVrUQfxkYoV3jt7fqlPgR0kaOEXLuWd+6zLg4wp8u X1nsyWu8Q0HDoORE+fy5gr3LgKffTIgl7nuGO/IJU1342OUMeHyTpNN0eXybX/w7/4a+Zyc1sUYl ckMDbruAhxeLAMKmgwH2OI1KXZVCaM7UA33SSIOjk6trAcgw0LwdtPNFC6ycPyKObBEZi1AbW+EE 2V+kliQSnW30F9gv6HtAoYYpy78/ZfTpWFqEVNffsiyZvdx3ZJDsPzrvEdt+b8mxX4OQOI/UQ6jn FfMBgzwOSHunMg5j/UO+IMRndiIcrnpAjRWMcKsbDFg+TSLYydPZcpPgEJKLbDyaC/LdLvvYeWJu vP/QPDrwZVzWoS80rfpVB9v9zY0h8asEYmbGGsJD9ySC20IzFkBtfP+lFUR42xHMczD8YCtrAfWq IBRu4r13qFZSq8Fx+9otn0aqja8VKPqpdskk5LxBR/9t1zMMkdu6/R2FM84kxYRFSvC1IDg1BRW7 hzp8w3iHcOwbVtsmWfnQGGis4EvbR3jXsI0ESXwhBU2hwt/J18C+HygJl/jEzm1SsR8v3aJbN/NZ fa8pHhHaz+HPa0HAgEx4sWDF
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/ROLrkWxyt7xNhSTZKDxaROE7_dY>
Subject: Re: [Din] I-D: The R5N Distributed Hash Table
X-BeenThere: din@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <din.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/din>, <mailto:din-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/din/>
List-Post: <mailto:din@irtf.org>
List-Help: <mailto:din-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/din>, <mailto:din-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2022 17:18:40 -0000
On 8/29/2022 5:18 AM, Schanzenbach, Martin wrote: > Hi dinrg! > > I hope this email finds you all in good health. > > Wwe wanted to touch ground with you if any of you would be interested in our specification > on R5N, a protocol for randomised recursive routing for restricted-route networks. [1] > It is a distributed hash table protocol and we currently have two independent implementations. > The document is not finished but in a parseable state and feedback is very welcome either way. > > This DHT can serve as a basis for GNS, for which there is a draft already quite far into the ISE process [2]. > In fact, it is what our GNS implementations are using at the moment. > > Thank you and have a nice day > Martin > > [1] https://datatracker.ietf.org/doc/draft-schanzen-r5n/ > [2] https://datatracker.ietf.org/doc/draft-schanzen-gns/ The R5N protocol is built on the classic DHT, kamdelia. Starting with a well known algorithm makes a lot of sense, but I wonder whether some more work is needed regarding locality and security. The connectedness of the DHT relies on each node learning about its closest neighbors, where closest means lowest distance between the peer ID, not lowest distance across the network. As the reach of the DHT increases, the network distance between the closest neighbors increases -- the "closest" neighbors will be at random locations across the Internet. Each node will generate network traffic required to maintain the closest list, and the aggregate may end up quite noticeable. The dependency on closest neighbors may also be a security issue. Each node depends on the good behavior of its closest neighbors. Attackers may single out a set of target peer ID, and spend some time generating peer IDs that have a close distance to this target. Once the attackers have secured a position in the list of closest neighbors of their target, they can mount a set of attacks, such as monitoring traffic to the target or denying service to the target. The monitoring problem goes beyond just the list of closest neighbors. If attackers create a sufficient number of nodes, they will be able to monitor and possibly disturb a fraction of the traffic. The random routing steps in R5S ensure that resolution starts from random points in the network, which has both good and bad effects. On the good side, it means that repeated queries will follow different paths, which is more robust than always following a fixed path. On the other hand, the randomness almost ensures that a fraction of the queries will hit the attackers' nodes. Such issues are inherent with the classic DHT technology, but they may be solved in alternative technologies, as demonstrated by Freenet. Of course, this is your project, your choices. But it would be very nice to have some higher emphasis on locality, so that for example resolution of local names does not generate traffic outside the local network -- that would be better for privacy, and also more robust. -- Christian Huitema
- [Din] I-D: The R5N Distributed Hash Table Schanzenbach, Martin
- Re: [Din] I-D: The R5N Distributed Hash Table Christian Huitema
- Re: [Din] I-D: The R5N Distributed Hash Table Schanzenbach, Martin
- Re: [Din] I-D: The R5N Distributed Hash Table Christian Huitema
- Re: [Din] I-D: The R5N Distributed Hash Table Leandro Navarro Moldes
- Re: [Din] I-D: The R5N Distributed Hash Table Jens Finkhaeuser