On Fri, 29 Mar 2002, Greg Broiles wrote: > This sounds like a bad assumption to me - both because it seems > unworkable given the size of the IPv4 address space (without even > thinking about IPv6), and because randomly probing other machines isn't > likely to be allowed (or successful) in a more security-aware > environment, which is what the DMCA and its ilk are creating.
If we're talking about the physical layer, not the virtual layer, the size of the address space is quite irrelevant, it's the density of occupation (fraction of p2p nodes/total address space) that counts. In the beginning, the density is low, so excessive scanning is necessary. However, you got your P2P package from a place (unless you use the P2P network to distribute own clients), and it could come with a number of last known nodes to connect to. Depending on whether you optimize for performance (high dimensionality) or high security (low dimensionality, prestige-based nodes) you would use different strategies. The physical layer of use-owned infrastructure is routed ad hoc mesh, with the connectivity being typically restricted to nearest members. Also, you will have dynamic nodes, which move around, and change their connectivity, and lots of nodes popping in and out. For this, you wouldn't want to use anything like TCP/IP but a geodetic routing scheme, which is local-knowledge-only based. Basically zero admin traffic outside of your direct neighbourhood, and a position fix for free, too. Latency is typically bad as long you do only store-and-forward instead of cut-through. Cut-through does make more sense with high local bandwidth within cell and high link throughput (vacuum as FIFO, only spilling over into local memory when your local cell bandwidth is exceeded). > Also, from an inbound perspective, it's not sensible to respond to incoming > queries from unknown users with potentially incriminating information - > e.g., "If he's connected to my port 31337, he's here for my warez, I'll > give him a full list!" - because what looks like an inbound "random probe" > may be a sweep performed by hostile actors, e.g., > <http://www.mediaenforcer.com> or <http://www.baytsp.com>. High security networks need to be cell-based, and use prestige as verified by crypto authentication. Your transaction track makes you accrue mana. A narc node would have to serve years before being admitted into local cell's inner sanctum, which relativates the damage of a local cell gone bust. Also, it is only a question of time until we'll see (stealthy) internet worms with p2p cargo. This could really boost a fledgling network into 100 kNode size virtually overnight. > Naive "self-organization" is not a reasonable approach for a hostile > environment. P2P content networks exist (and have always existed) in a > hostile environment. Problem with this is that P2P network designers typically operate in a babe in the woods mode, while hardening the network properly is very hard. http://freenetproject.org/cgi-bin/twiki/view/Main/WebHome seems to be less clueless than most, but it's hard to evaluate it on paper. > Designs which depend on friendly behavior on the part of unknown > counterparties are doomed. Eliminate the "friendly" assumption, or > eliminate the "unknown" aspect of the counterparties before transacting > with them.
