More on n2n (by alaric)
I've been discussing n2n with my friends, and one of them raised an interesting point.
He pointed out that since n2n offers access control only at the network level - you need to know the network key to join a network - it works like the Internet of old: once you're in, you're in and fully trusted, and people can't get rid of you; they can just ignore you.
If that's a problem, then you have to do what the Internet had to do - set up local firewalling and access control.
This struck me as an interesting point about the trust model you're using.
See, the context of the conversation was about groups of people who knew each other creating n2n networks so they can communicate together and share stuff, isolated from the problems of moving between networks (you can keep a static IP within the n2n network, even though you connect to the n2n network from varying IPs) and getting through lame Internet connections with NAT and firewalls, and that sort of thing - and, encrypted so safe from eavesdroppers.
Yes, if everyone shared a single large n2n network, then you'd need access controls within it. The more people on the network, the less you can trust it. And the more chance there would be of somebody leaking the network key, and thus allowing eavesdroppers to decrypt the traffic.
So I see that there are some uses in having large widely-shared n2n networks; mainly for the benefits of having a static IP with bidirectional unfiltered access, no matter if you're behind nasty NAT routers that block useful outgoing ports.
But I think n2n's real function is to be a virtual Ethernet switch accessible via the Internet. Inter-host security is really a problem for higher layers, such as IPsec and application-layer security. I don't think n2n would benefit from having host-based access control built into it!
Crypto / security | alaric | 
Fri 23rd May 2008 11:02 am
Subscribe