Michael J. Freedman
mfreed at cs.nyu.edu
Mon Jan 5 07:46:55 UTC 2004
On Sun, 4 Jan 2004, [iso-8859-1] Some Guy wrote:
> One quick dumb question: Do Minion and Tor both require you know about all the nodes like Tarzan?
> I'm tring to work on a DHT topology where that shouldn't be the case.
No, although they are really designed with a smaller network in mind,
i.e., there's some near complete list (likely Roger's head) of all the
nodes in the network. That is, they don't really consider the problem of
psuedospoofing attacks, as remailer operators are generally
(pseudonymously) known and there are not too many of such.
There's been preciously little work in securing DHT topologies, mostly
because it's a very hard problem. (E.g., see "the Sybil attack" at IPTPS
01) The only 2 papers I'm aware of are Sit & Morris at IPTPS 01 (position
paper) and Castro et al at OSDI 02 ("Secure Pastry"). To prevent
psuedo-spoofing (the Sybil attack), the latter requires some centralized,
trusted registration authority.
"Not all those who wander are lost." www.michaelfreedman.org
More information about the tor-dev