[Dundi] [RFC] Reliability of contact information

Mark Spencer markster at digium.com
Thu Dec 9 01:42:52 CST 2004


> I would like to propose a small change to the DUNDi protocol and peering 
> procedure: when a peer wants to join the network, they must put their contact 
> information into their DUNDi server prior to requesting peerage. They would 
> then issue a command to their server to compute an SHA-1 hash of their 
> contact information, and provide that hash to the peer they are requesting 
> peerage with. That peer would add it to the peer definition in their 
> dundi.conf file (or equivalent for a non-Asterisk platform <G>).

This probably needs some further investigation.  It's an interesting 
concept, but if we're going to change the authentication system, it needs 
to be absolutely right.  Feel free to play around and see what you can 
make happen, but it needs to be solid if we're going to change things 
around.

> Then, periodically, that peer's DUNDi server should request the contact 
> information, recompute the hash, and compare. If the contact information has 
> changed and the hash has not been updated, the peer who changed their 
> information would be "cut off" from the network until the situation is 
> resolved.

Much like the "the IP of the far end is filled in by the next in line", 
this only seems to secure the farthest endpoint.  If I am an unscrupulous 
user, I would peer with an entity and then have my evil box peer with the 
one that I'm using, that way as I play with my EID and contact info my 
upstream peer isn't the wiser.

*That* is the part that is more challenging to track and where I think we 
need to be doing more work.  It would, for example, be convenient to have 
some sort of "traceroute" that tells you how you get to the remote peer.

It's not so much that this is a bad idea as much as it still seems 
incomplete at solving the problem.

Mark
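
Added example, not part of the original thread and not DUNDi or Asterisk code: a sketch of the proposed pinned-hash recheck, showing both the case it catches and the indirect-peer case raised in the reply. The field list, the serialisation, the EIDs and the function names (contact_hash, recheck, demo) are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed field order; the thread does not define a canonical serialisation.
FIELDS = ("organization", "department", "locality", "stateprov",
          "country", "email", "phone")

def contact_hash(contact):
    """SHA-1 over a length-prefixed, whitespace-normalised field encoding."""
    h = hashlib.sha1()
    for name in FIELDS:
        value = " ".join(contact.get(name, "").split()).encode("utf-8")
        h.update(b"%s=%d:%s\n" % (name.encode(), len(value), value))
    return h.hexdigest()

def recheck(pinned, fetch_contact):
    """Return direct peers whose contact info no longer matches its pin."""
    return sorted(eid for eid, expected in pinned.items()
                  if not hmac.compare_digest(contact_hash(fetch_contact(eid)), expected))

def demo():
    # Constructed sample data: EIDs use the documentation MAC range.
    relay, hidden = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    directory = {
        relay: {"organization": "Example Telecom", "email": "noc@example.net"},
        hidden: {"organization": "Example Reseller", "email": "ops@example.org"},
    }
    # The upstream operator pins only the peer it agreed to peer with.
    pinned = {relay: contact_hash(directory[relay])}
    unchanged = recheck(pinned, directory.__getitem__)
    # A box peered behind the relay rewrites its contact info: no pin covers it.
    directory[hidden]["email"] = "changed@example.org"
    after_hidden_change = recheck(pinned, directory.__getitem__)
    # The direct peer changes its info without supplying a new hash: flagged.
    directory[relay]["email"] = "moved@example.net"
    after_relay_change = recheck(pinned, directory.__getitem__)
    return unchanged, after_hidden_change, after_relay_change

if __name__ == "__main__":
    print(demo())
```

The second result stays empty because the upstream operator holds no pin for the box behind its direct peer, which is the gap the reply describes.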

