Author: Eugen Leitl
Date:  
To: michi1, netsukuku
Subject: Re: [Netsukuku] DOS/MITM by TP spoofing??
On Wed, Oct 26, 2011 at 02:10:16PM +0200, michi1@??? wrote:

> > NAT provides no anonymization whatsoever, if compared to Tor or I2P.
>
> If compared to Tor or I2P - not really. If compared to IPv4 without NAT: yes,
> it does. You tell me how to find who did something, if the source IP points to
> a network with 1000 PCs in it.


Again, NAT is a brain-damaged solution to the address scarcity problem; it hides nothing,
as you can probe and do Layer 7 level analysis, and NAT penetration is part of
NAT reality and P2P applications. NAT might give you plausible deniability
before the law, but we're talking engineering, and not legalese.

> > If you want efficient (cut-through at relativistic speed) and no global
> > routing tables you must follow geography. There is no other way.
>
> Correction: your routing tables must be "small". You can do this with the


Yes, they're small enough for hardware lookup even for purely photonic
implementations, as they only store local connectivity/its deviation
from ideality. It's obvious that the current router table bloat is rapidly
heading towards a catastrophe. It will likely be postponed by introducing
e.g. hyperbolic mapping (which makes it converge towards geography, actually),
just as CIDR postponed the reckoning with IPv4, but eventually you have
to change the architecture.

> usual network/prefix addressing or you can present each network as one host
> and do NAT.


NAT is dead, let's get used to the idea.

> > > onion encryption or geographically distributed. But overlay mix networks have
> > > their own problems, like performance, exit node liability/harassment or the
> >
> > Exactly, the same network provides both low-overhead high-performance
> > services and high-overhead slower services for those cases where you
> > need anonymity. There's no need for mandatory overhead for optional
> > features.
>
> Mix networks are slow, *because* they are overlay networks. Pinging between 2


That's what I said, yes.

> routers takes 100ms instead of 1ms. This will not get any faster.


Of course it can get faster. But it doesn't have to get much faster than
today in order to be usable.

> Also, anonymity is *not* an optional feature. It was accidentally present in


It is not an optional feature, in the sense that you *must* have it. However, it is optional
in the sense that sometimes you must or want to operate closer to the possible
efficiency, and hiding your physical location/identity is not required.
In a sane world, >99% of the traffic is not anonymous, on the average.

> some way or another from the beginning (weak anonymity, not "Tor or I2P"). It
> is an important part, far from "optional". Do you think an internet where
> every source IP address can be linked to a real person in real time by
> everyone would be the same as the internet now?


You misunderstood me.

> Also, first we would even need to get from "too slow for most uses" to
> "optional". Any suggestions?
>
> > Exit node is meaningless if your every node is an exit.
> >
> > > entire network ending up blacklisted. I see no reason, why anonymisation
> >
> > We're not talking about the Internet as we know it, Jim.
>
> What do you want to tell me?


That the constraints are very different if you're implementing it as a virtual
layer on top of the existing Internet, or if you're rolling your own infrastructure
from scratch (=migrating from the virtual implementation using the Internet
as a transport layer).

> > > should not start on layer 3. Especially not, if we build it from scratch
> > > anyway.
> >
> > If you build it from scratch then geographic addressing and routing would be
> > a layer 2 feature. Think of it loosely like the MAC equivalent in Ethernet.
>
> You mean something close to the IPv6 catastrophe?


The suite of protocols would be incompatible with the current protocols, though
they could coexist by using available crawlspace in e.g. IPv6 or using the Internet as
a transport layer for bootstrap purposes, which would be transparent
apart from the overhead.

--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE