
Re: Family specifications (was: Re: perfect-privacy.com, Family specifications, etc)




On May 20, 2010, at 08:39 AM, Flamsmark wrote:

On 20 May 2010 07:44, <andrew@xxxxxxxxxxxxxx> wrote:
If Mallory lists Alice
and Bob, but neither Alice nor Bob list Mallory, it's not a valid
Family.  Otherwise, Mallory could list every node in the network and
screw everyone.

Why would this screw everyone? I admit that I don't fully understand how families are implemented, however, this doesn't seem sensible to me. Under a scheme which allowed ``one-sided family declarations'' this doesn't seem to be the ideal behaviour. If Mallory lists all the nodes in the network, then this should prevent all the paths which have Mallory somewhere in them, but not paths which avoid her entirely. An aggressive family declaration by Mallory only prevents her from getting traffic, without impacting the rest of the network. This would seem to be the only sensible way to implement ``one-sided family declarations'', to prevent exactly the problem described.

The problem I see with this is that it requires some foresight and backtracking in the creation of tunnels, which will add to network strain, unless someone can suggest a way to plan out the tunnels ahead of time.
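
The three readings of a family declaration discussed in this thread can be compared on a toy network. This is an added example, not part of the original messages and not Tor's code; the relay Carol, the function names, and the "merged groups" reading of one-sided declarations are assumptions made for illustration.

```python
from itertools import permutations

# Constructed sample: relay name -> relays it declares as family.
# Mallory lists everyone; nobody lists Mallory back.
DECLARED = {
    "Alice": set(),
    "Bob": set(),
    "Carol": set(),
    "Mallory": {"Alice", "Bob", "Carol"},
}

def mutual(a, b, declared):
    """Family only if each relay lists the other (the rule quoted above)."""
    return b in declared[a] and a in declared[b]

def one_sided(a, b, declared):
    """Family if either relay lists the other; applies to that pair only."""
    return b in declared[a] or a in declared[b]

def merged(a, b, declared):
    """Assumed reading: one-sided declarations merge relays into groups."""
    seen, stack = {a}, [a]
    while stack:
        cur = stack.pop()
        for other in declared:
            if other not in seen and one_sided(cur, other, declared):
                seen.add(other)
                stack.append(other)
    return b in seen

def valid_paths(declared, same_family, hops=3):
    """All ordered paths in which no two hops belong to the same family."""
    paths = []
    for path in permutations(sorted(declared), hops):
        pairs = ((x, y) for i, x in enumerate(path) for y in path[i + 1:])
        if not any(same_family(x, y, declared) for x, y in pairs):
            paths.append(path)
    return paths

if __name__ == "__main__":
    for rule in (mutual, one_sided, merged):
        print(f"{rule.__name__:10s} {len(valid_paths(DECLARED, rule))} usable paths")
```

With the mutual rule Mallory's declaration is ignored, with the pairwise one-sided rule only paths through Mallory disappear, and with merged groups every path is excluded.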