Re: Non routable IPv6 registry proposal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 1/21/2021 9:57 PM, Phillip Hallam-Baker wrote:
On Fri, Jan 22, 2021 at 12:45 AM Christian Huitema <huitema@xxxxxxxxxxx> wrote:

On 1/21/2021 5:02 PM, Phillip Hallam-Baker wrote:

On Thu, Jan 21, 2021 at 2:56 PM Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
Putting two things together:
On 22-Jan-21 07:57, Phillip Hallam-Baker wrote:
...
> A ULA->Public key registry provides exactly the right degree of incentive. It allows us to take an area that is currently flaky as heck and make it 'just work'. That area is VPN access.

Yes, but afaik you (or I) can't claim ownership of random numbers. So if my ULA prefix is fd63:45eb:dc14::/48 and I provide a public key for it, what's to stop you using the same prefix and providing your own public key for it?

The registry undertakes to only issue each prefix once and bind it to a public key specified by the holder.

The registry publishes the allocation in an append only log which is attested by a blockchain type technique. So there is (almost) no scope for the registry to defect.

How do you protect the registry against a Sybil attack?

-- Christian Huitema

There is a one-time charge of $0.10 per registration. No renewal fees.
That should work if the "block chain" signatures can only be appended by the organization maintaining the registry. I wonder why just $0.10, given that for the normal user just learning the process will cost way more than that. Also, just the credit card fees are larger than that. Plus, if you want to guarantee the ownership "forever", you probably need sustained revenues in the long term.

So a DoS attack would merely swell the coffers of the not-for-profit Mesh foundation which will pay for development of code, etc.

I am not sure that a Sybil attack is relevant as there is absolutely no accreditation going on here except between the registry and the small set of chosen peer notaries. And they are merely cross notarising. There are no subjective or unconstrained inputs here. Every input is deterministic, the only non determinism comes from timing.

There are variants of the Sybil attack that concentrate on fractions of the address space. Also, if the space is just 40 bit wide, the attacker will start causing random collisions after registering 1 million entries.

Speaking of collisions, is there a way for registrants to test for collisions before registering? Is it correct to assume a publicly available blockchain?

-- Christian Huitema



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux