[e2e] About the primitives and their value
pekka.nikander at nomadiclab.com
Wed Aug 9 09:00:35 PDT 2006
>> The problem lies in how to distribute the "firewall information"
>> the network so that the firewall closest to the attack source can and
>> will both intelligently enough filter out all or at least most of the
>> unwanted traffic and pass all wanted traffic.
> That assumes trusted relationships with basically everyone EXCEPT
> who are attacking you. I don't think that's a defensible position
> (either in rhetoric or in operation in the network).
No, it doesn't. It just assumes a design where the social balance
lies in the side of honest players, i.e., where playing honest is
still a strategy with a higher pay-off than any dishonest strategy.
It requires mechanisms that contain byzantine attacks and make cybil
attacks unfeasible. For some background, see e.g. Axelrod's "The
Evolution of Co-operation". But you probably know all that.
But that's why I state that this is more a micro-economic than
>> So, at least from my point of view, the really hard problem is to
>> the new "routing" infrastructure protocols in such a way that the
>> benefit from collaboratively knowing which traffic is wanted (by
>> someone) and which is not.
> I don't think this CAN be solved by secure or protected routing.
> Near as
> I can tell, protected routing presumes highly constrained topologies
> which aren't feasible in practice. As someone recently told me, there
> are too many cases where "doing the right thing" is indistinguishable
> from a "routing protocol attack".
As long as we try to remain within the current send-receive paradigm,
I'm afraid you are right. However, if we consider other fundamental
paradigms, I wouldn't be that sure.
> An alternate position to locking everything down (#1 above) is to
> diversify routing enough that _something_ gets through (#2 above) - a
> position which seems obvious, and came up in the same discussion noted
> above. That's 'best effort', what the Internet was predicated on, and
> IMO is a better position.
Maybe. Maybe my interest in applying collaborative technologies in
low-level networking infrastructures in a quest of trying to
understand communications based on other fundamental paradigms but
send-receive are futile. But my intuition says otherwise.
More information about the end2end-interest