bib fixed and minor corrections/comments #4
Conversation
|
|
||
| While DNSSEC can prevent tampering of communications from a third-party attacker, it does not prevent other types of misconduct perpetrated by the DNS resolvers and name servers themselves, since they are still able to provide misleading information or to completely omit data regarding domain names that effectively become censored. This is because, from the client's point of view, DNS appears to be a centralized system (it is also a client/server protocol): the client only communicates with a DNS resolver, which will then search for the answer to the client's requests as described previously, if it doesn't already have that information. | ||
|
|
||
| This discussion is very similar to what is explained at the beginning of Chapter~\ref{ch:storage}. Indeed, if we consider in which failure model both the DNS and the communication channel are set, we would argue that they both lie in a stopping failure model. When we allow the channel to fail in a Byzantine manner we introduce public-key cryptography with DNSSEC (a system parallel to HTTPS) to avoid messages being tampered with, but this does not protect from misbehavior of the DNS resolvers themselves. | ||
| This discussion is very similar to what is explained at the beginning of Chapter~\ref{ch:storage}. Indeed, if we consider in which failure model both the DNS and the communication channel are set, we would argue that they both lie in a stopping failure model. The usage of public-key cryptography with DNSSEC (a system parallel to HTTPS) prevents messages from being tampered with, but does not prevent misbehavior of the DNS resolvers themselves. |
There was a problem hiding this comment.
Here it's not clear that public-key crypto was introduced to counter damage from Byzantine failures.
There was a problem hiding this comment.
From my POV "tampered with" is enough here.
There was a problem hiding this comment.
How about adding (as expected from Byzantine channels) after tampered with?
There was a problem hiding this comment.
If you want to include that, i'd phrase it a bit differently, something like:
"(a possibility in the Byzantine model)"
| @@ -643,6 +646,7 @@ \subsection{Analysis} | |||
| % It does, and ZeroNet does not have a DHT | |||
|
|
|||
| From the above we derive that ZeroNet data transfer protocol is not Byzantine fault tolerant since peer discovery can be compromised. The lack of a BFT peer discovery system exposes ZeroNet to potential censorship as trackers and peers alike can refuse to provide correct information when requesting clients that share some given sites. On the other hand, it is worth noting that, in order to function, peer discovery only needs one non-failed tracker that provides enough information to discover a sufficiently large portion of the network, which then allows for peer exchange to be viable and improve on connectivity with other peers. But this is not enough to obtain BFT peer discovery: censorship attacks are unlikely to target only a portion of trackers, especially since a list of the servers used by ZeroNet is directly obtainable from the project's source code, therefore we cannot trust any single tracker. | |||
| %todo(leandro) - It's not clear to me if the model assumptions of 1/3 Byzantine is sufficient here or not. | |||
There was a problem hiding this comment.
I am purposefully ignoring the assumption that only 1/3 of the network is Byzantine because it's very feasible to shut down all trackers. Obviously, if 2/3 of the trackers are assumed to be operational then we have no problem.
This is why I originally made a distinction between static and dynamic systems, where static systems didn't have the 1/3 limitation. But we removed that, so now this is without foundation.
There was a problem hiding this comment.
You could make that point here with a sentence. Something along the lines of:
"Since trackers are a small number of fixed servers, we argue that subverting more than 1/3 of them is feasible".
| @@ -714,25 +718,26 @@ \section{Other solutions}\label{sec:browserprojects} | |||
| \begin{itemize} | |||
| \item \textbf{SAFE Network}\footnote{SAFE Network: \url{https://safenetwork.org/}}: a project developed by MaidSafe\footnote{MaidSafe: \url{https://maidsafe.net/}} that aims to reuse available hard disk space of computers to provide a distributed storage system, which can be accessed and explored with the SAFE browser; at the time of writing, this project is only available on an Alpha test network; | |||
| \item \textbf{Beaker Browser}\footnote{Beaker Browser: \url{https://beakerbrowser.com/}}: based on the dataset synchronization protocol known as Dat, Beaker Browser allows for creation and visualization of distributed websites, although it fails to provide or reuse a distributed naming system, relying instead on HTTP and DNS to resolve names; | |||
| \item \textbf{Freenet}\footnote{Freenet: \url{https://freenetproject.org/}}: a very mature project, with its initial release dating back to the year 2000, it's a peer-to-peer platform focused on anonymity and censorship resistance; Freenet allows browsing websites, known as \emph{freesites}, but the naming scheme is based on nicknames, which are simply labels defined and stored by single users and not shared globally, thus not defying Zooko's Triangle. | |||
| \item \textbf{Freenet}\footnote{Freenet: \url{https://freenetproject.org/}}: a very mature project, with its initial release dating back to the year 2000, it's a peer-to-peer platform focused on anonymity and censorship resistance; Freenet allows browsing websites, known as \emph{freesites}, but the naming scheme is based on nicknames, which are simply labels defined and stored by single users and not shared globally. % , thus not defying Zooko's Triangle. | |||
| %todo(leandro) - I've cut the small part above because it may be mistaken as if Zooko's Triangle has not been refuted (and you mention that Namecoin does). | |||
There was a problem hiding this comment.
Freenet's non-refusal of Zooko's Triangle is the only reason for which Freenet was not included in the Thesis. Are we sure we want to cut it?
There was a problem hiding this comment.
I see, no problem. It's only the word "refute" that might lead to a different interpretation.
Also, I'd mention the specific property that it does not satisfy. Something like:
", thus not satisfying property X from Zooko's Triangle."
There was a problem hiding this comment.
I will do that.
Since the violated property is security, I will also expand that definition a bit, by changing it from:
an attacker cannot fake name resolutions
to:
name resolutions will yield the same result for everyone in the network, and an attacker cannot fake name resolutions
There was a problem hiding this comment.
I think this last phrase sounds a bit repetitive and might be slightly wrong, in the sense that "the same result for everyone" is too vague (e.g., what if you see the new value but i'm still seeing the old one? that isn't necessarily "wrong", depending on the consistency guarantees).
There was a problem hiding this comment.
Actually, I'm wrong, Freenet nicknames are secure but not decentralized (obviously). I will leave the definitions as they are.
| } | ||
|
|
||
| @misc{multihash, | ||
| title={Multihash}, | ||
| howpublished={\url{https://github.com/multiformats/multihash}}, | ||
| author={Benet, Juan}, | ||
| year={2014}, |
There was a problem hiding this comment.
Where did you find this information? There's at least another github repo that needs this
There was a problem hiding this comment.
I got it from the first commit in the repo, but I guess that's not necessarily correct in this specific case.
You can remove it (I was trying to add author/year to all entries at some point just to make it compile, but it's not necessary anymore).
Hi Eric,
I've gone through the whole thesis and made some minor changes/comments.
I also modified the bib style and updated some of the entries.
Can you please double check the modified ones?