[e2e] About the primitives and their value

Pekka Nikander pekka.nikander at nomadiclab.com
Wed Aug 9 09:00:35 PDT 2006


>> The problem lies in how to distribute the "firewall information"  
>> within
>> the network so that the firewall closest to the attack source can and
>> will both intelligently enough filter out all or at least most of the
>> unwanted traffic and pass all wanted traffic.
>
> That assumes trusted relationships with basically everyone EXCEPT  
> those
> who are attacking you. I don't think that's a defensible position
> (either in rhetoric or in operation in the network).

No, it doesn't.  It just assumes a design where the social balance  
lies in the side of honest players, i.e., where playing honest is  
still a strategy with a higher pay-off than any dishonest strategy.   
It requires mechanisms that contain byzantine attacks and make cybil  
attacks unfeasible.  For some background, see e.g. Axelrod's "The  
Evolution of Co-operation".  But you probably know all that.

But that's why I state that this is more a micro-economic than  
network-technology problem.

>> So, at least from my point of view, the really hard problem is to  
>> device
>> the new "routing" infrastructure protocols in such a way that the  
>> ISPs
>> benefit from collaboratively knowing which traffic is wanted (by
>> someone) and which is not.
>
> I don't think this CAN be solved by secure or protected routing.  
> Near as
> I can tell, protected routing presumes highly constrained topologies
> which aren't feasible in practice. As someone recently told me, there
> are too many cases where "doing the right thing" is indistinguishable
> from a "routing protocol attack".

As long as we try to remain within the current send-receive paradigm,  
I'm afraid you are right.  However, if we consider other fundamental  
paradigms, I wouldn't be that sure.

> An alternate position to locking everything down (#1 above) is to
> diversify routing enough that _something_ gets through (#2 above) - a
> position which seems obvious, and came up in the same discussion noted
> above. That's 'best effort', what the Internet was predicated on, and
> IMO is a better position.

Maybe.  Maybe my interest in applying collaborative technologies in  
low-level networking infrastructures in a quest of trying to  
understand communications based on other fundamental paradigms but  
send-receive are futile.  But my intuition says otherwise.

--Pekka



More information about the end2end-interest mailing list