[p2p-hackers] How Piracy Will Hyperlocalize with Mesh Networks

Michael Blizek michi1 at michaelblizek.twilightparadox.com
Sat Jan 22 04:16:48 PST 2011 

Hi!

On 09:35 Sat 22 Jan     , Eugen Leitl wrote:
> On Sat, Jan 22, 2011 at 08:00:45AM +0100, Michael Blizek wrote:
...
> > Besides IPv6 is as broken as IPv4 in meshes. It provides zero security,
> 
> I'm seeing a loophole in IPv6 by way of providing a local /64 which
> is effectively scratch space. This would prepare the way for geographic
> routing when the table space growth goes exponential again.

In how far is this geographic routing supposed to help? Finding routes to the
other end of the mesh which you do not use anyway?

> > privacy and a single high-bandwidth application can slow everything down
> > extremely - and there is close to nothing you can do about this. The only
> > thing IPv6 does slightly better in meshes than IPv4 is automatic address
> 
> Positioning information is a good source of automatic address assignment,
> and there's machinery (DAD) helping you to deal with rare collisions.

Well, let's see which possibilities exist for defining addresses:
1) You have a very small address space and search the network to see if your
   randomly generated address is already in use before you use it.
2) You have a big address space and just generate an address and assume nodody
   else uses it.
3) You use public keys of a public-private key crypto to make sure nobody can
   "take over" somebody else's address.

If IPv6 can not even do 2 without any quirks it has *zero* reason for
existance in mesh networks. Not even "the outside is using IPv6" (they are
 *not*) is an argument, because you usually want to create an encrypted tunnel
to the exit node anyway.

> > assignment - and even this probably is not that hard to do in IPv4 unless you
> > have extreme situations.
> 
> IPv4 is dead, Jim.

IPv4 is *not* dead. Everybody is using it. I do not know a single ISP who
provides it to their customers. Besides IPv6 is close to being the worst you
can do from a privacy point of view. Getting rid of NAT is a very bad idea.
Having the last 64 bits globally unique no matter where you more is very bad
is well. Even privacy extensions (*if* used) are not as good, because addresses
will not get reused. Having the first 64 bits static is even worse. I seriously
doubt that it is not even necessary. Providers start implementing carrier side
NAT and if done right (with UPnP or other means of forwarding ports without
user intervention), this can be a significant privacy gain without any side
effects.

Yes I know how much application can be fingerprinted, but this does not mean
that we should constantly be adding ever more identifying information.

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list