RE: references on non-central authority network protocols

[Bruce Williams <brucewms () pacbell net>]

Uh, let's see - you submask k_public to route, hmm... either you have 32 bit
encription or you have IP1024... IP1024 - THAT would solve address space
limits, but imagine the BGP prefix updates...

Bruce Williams
"Two is not equal to three, even for large values of two"
> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
> Scott A Crosby
> Sent: Saturday, April 13, 2002 6:45 PM
> To: Stephen Sprunk
> Cc: Patrick Thomas; nanog () merit edu
> Subject: Re: references on non-central authority network protocols
>
>
>
> On Sat, 13 Apr 2002, Stephen Sprunk wrote:
>
> > Thus spake "Patrick Thomas" <root () utility clubscholarship com>
> > > I am looking for any and all research (and perhaps your
> > > comments), references, etc. regarding replacements for the
> > > TCP/IP protocol that do not require centralized authority
> > > structures (central authority to assign network numbers).
> >
> > Please explain how you think any protocol could support
> non-trivial numbers
> > of users without some arbiter to prevent address collisions.
>
> Rolling off the top of my head, I think its doable. The
> general trick is
> to make it hard to forge packets with arbitrary addresses (by using
> authentication).
>
> Assume each host has an public and private key pair by some
> conventional
> algorithm (RSA, or other). The private key is never disclosed.
>
>   K_public, K_private.
>
> Let H be a collision resistant hash function, and SIGN do a digital
> signature that may be verified by anyone who knows K_public.
>
> Then, each host is given an address of:
>
>       k_public
>
> Now, annotate each packet with sufficient information to authenticate
> that the packet came from the host k_public.
>
>       SIGN(H(k_public || BODY)) || k_public || BODY
>
> (Note: hosts could be given addresses of H(k_public) for shorter
> addresses. Another enhancement would be to annotate the packet with a
> counter to help catch replay attacks.)
>
> Anyways, I think this fits the bill, you cannot create an arbitrary
> k_public of your choice. If you could, then you could break
> the public key
> cryptosystem (or the cryptographic hash).
>
> The only way to create a valid signature is to know
> k_private. Packets are
> not accepted unless they come with a valid signature, so
> knowing k_public
> does not tell one how to create packets.
>
> --
>
> A variant of this could be made where just the network is
> assigned with
> this scheme, the host isn't. IE, hosts are assigned addresses of:
>
>   k_public || hostaddr
>
> Which isn't robust against malicious hosts in the same
> network, but thats
> fixable with a heirarchial scheme.
>
> --
>
> This is off the top of my head, so I probably made a stupid
> mistake.. But
> I'm pretty sure some variation of this scheme would work.
>
> Scott