Re: HIP and PKI reqs [RE: Identifier/locator recap]

[Pekka Nikander <pekka.nikander@nomadiclab.com>]

Iljitsch van Beijnum wrote:
> > You just take a different hash (or a different part
> > of an hash), and try again.
> Hm, this means that there must be a record with a cryptographic
> signature for every possible entry, including non-existing ones so a
> node can't fake a "doesn't exist" message. 
Actually you can do easier by not having a "doesn't exist" message.
If you don't get a reply from the primary server, as resolved
from the primary part of the hash, you just try to secondary
server, resolved from another part of the hash.  There can't be
any correlation between the servers (the hash is basically a
random number, pointing you to random servers).  The probability
of collusion between the servers is very very low, and can
be ignored.  Thus, you don't need to have any signatures for
non-existing ones.

> But I still don't like the
> idea of having to depend on some random servers somewhere on the net
> that I have no influence over.
Do you feel the same about MHAP randezvous points?

> Ok, I should have mentioned some constraints, mostly "distributed". In a
> tree, you can delegate sub-trees to organizations. When using a hash (or
> a simple flat space that can be searched using binary search) stuff from
> different people ends up on one pile so you need some level of trust to
> make it work.
Trust, or random reduncancy.  With random redundancy, you get some
level of byzantine robustness.  Other than that, I agree with you.

> > There we have the difference.  Computers don't understand names.
> > Names are just bit strings to them.  Public keys make *re*cognition
> > possible to computers, just like faces make it to people
> This is a good comparison. Yes, we recognize people by their face, but a
> face is not what identifies a person, that's their name and some extra
> info to discriminate against people with the same name.
Agree.  (As with the rest of your comment.)

--Pekka Nikander