[p2prg] P2P security

Ivan Shmakov <oneingray@gmail.com> Sun, 15 July 2012 16:29 UTC

>>>>> Pedro Martínez Juliá <pedromj@um.es> writes:
>>>>> 15/07/12 16:07, b7uR:

[…]

 >> * lack of security

 >> * no computer in the network is reliable

 >> Therefore, peer-to-peer networks are only useful for a small number
 >> of computers (generally about 10), and only suitable for
 >> applications that do not require a high level of security (it is not
 >> advisable in a business network containing sensitive data).

	For a counter-example, Bitcoin is an “alternative currency”,
	which is backed by a P2P network, and is considered secure
	against forgery (IIRC, [1].)  By its very design, it's not
	secure against eavesdropping.

[1] http://www.slideshare.net/dakami/bitcoin-8776098

[…]

 > About security, reliability, and trust, your claims are totally
 > wrong.  You can build a security scheme for P2P networks and also a
 > reliable network by carefully selecting the nodes you use to build
 > the overlay network from the available nodes in the P2P network.

 > That said, you can control which nodes form part of the overlay
 > network, so they will not destroy your communication (see Kademlia).
 > Also, you can use any hashing and signing mechanism to ensure that
 > the information you receive is not modified on its way, the same as
 > the underlying networks.

	The data being distributed via a P2P network may be encrypted
	just as well (making eavesdropping ineffective), which is the
	basis of operation of the GNUnet, Freenet, and Tor P2P networks
	(AIUI.)

	Also, the Metalink [2] format, which allows for a single file to
	be downloaded from multiple sources at the same time, including
	P2P filesharing networks, is based on XML, and thus can be used
	along with XMLdsig [3] digital signatures to thwart forgery.

	The magnet: links may, and the .torrent files have to, contain
	cryptohashes, so, if received from a trusted source (like, for
	instance, a trusted HTTPS server), provide for a forgery-proof
	way to obtain data from a P2P network.

[…]

[2] http://tools.ietf.org/html/rfc5854
[3] http://www.w3.org/TR/xmldsig-core/

-- 
FSF associate member #7257	http://sf-day.org/
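
The check described above for .torrent files, as an added example that is not part of the original message: the per-piece SHA-1 digests are read from metainfo obtained over a trusted channel, and every piece delivered by an untrusted peer is accepted only if it matches. The function names, the file name report.txt, its content and the piece length are constructed for illustration.

```python
import hashlib

def bdecode(data, i=0):
    """Decode one bencoded value from data[i:]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                      # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):              # list l...e or dictionary d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)        # byte string: <length>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def piece_hashes(torrent_bytes):
    """Return (piece_length, [20-byte SHA-1 digests]) from trusted metainfo."""
    info = bdecode(torrent_bytes)[0][b"info"]
    blob = info[b"pieces"]             # concatenated SHA-1 digests, one per piece
    if len(blob) % 20:
        raise ValueError("pieces field is not a multiple of 20 bytes")
    return info[b"piece length"], [blob[k:k + 20] for k in range(0, len(blob), 20)]

def accept_piece(hashes, index, payload):
    """True only if payload from an untrusted peer matches the trusted digest."""
    return hashlib.sha1(payload).digest() == hashes[index]

# Constructed sample: a two-piece file and the metainfo a trusted server would serve.
PIECE_LEN = 16
CONTENT = b"sensitive report, version 1.0\n"
PIECES = [CONTENT[k:k + PIECE_LEN] for k in range(0, len(CONTENT), PIECE_LEN)]
DIGESTS = b"".join(hashlib.sha1(p).digest() for p in PIECES)
TORRENT = (b"d4:infod6:lengthi%de4:name10:report.txt12:piece lengthi%de"
           b"6:pieces%d:%see" % (len(CONTENT), PIECE_LEN, len(DIGESTS), DIGESTS))

if __name__ == "__main__":
    _, hashes = piece_hashes(TORRENT)
    forged = PIECES[1].replace(b"1.0", b"6.6")   # same length, altered content
    for label, payload in [("honest peer", PIECES[1]), ("forging peer", forged)]:
        print(label, "->", "accepted" if accept_piece(hashes, 1, payload) else "rejected")
```

The guarantee rests entirely on how the metainfo itself was obtained: a peer able to substitute the .torrent file can substitute the digests along with the data.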