[Dundi] [RFC] Reliability of contact information

Kevin P. Fleming kpfleming at starnetworks.us
Thu Dec 9 06:06:29 CST 2004


Mark Spencer wrote:

> This probably needs some further investigation.  It's an interesting 
> concept, but if we're going to change the authentication system, it 
> needs to be absolutely right.  Feel free to play around and see what you 
> can make happen, but it needs to be solid if we're going to change 
> things around.

Agreed. Note that this new feature would be optional in the protocol, 
and only required by the GPA peers (or anyone else who wishes to require 
it).

> Much like the "the IP of the far end is filled in by the next in line", 
> this only seems to secure the farthest endpoint.  If I am an 
> unscrupulous user, I would peer with an entity and then have my evil box 
> peer with the one that I'm using, that way as I play with my EID and 
> contact info my upstream peer isn't the wiser.

This is a valid point. As I was in the shower this morning I was 
thinking that a "dundi query ee:ii:dd:ee:ii:dd" should not only report 
the contact information for the desired EID, but the "chain of trust" 
that verified the contact information hashes, starting at the farthest 
end and working back to my own server.

> *that* is the part that is more challenging to track and where I think 
> we need to be doing more work.  It would, for example, be convenient to 
> have some sort of "traceroute" that tells you how you get to the remote 
> peer.

See above... we're on the same wavelength here :-)

> It's not so much that this is a bad idea as much as it still seems 
> incomplete at solving the problem.

Yes, it was a late-night attempt to organize my thoughts and see if any 
other GPA members were interested in pursuing. I'm glad to see you 
didn't just dismiss it out of hand, as I really do think this is an 
important issue. In fact, my partner and I were discussing last night 
that if we can't make something like this happen, we likely cannot 
afford to participate in the GPA except on a very limited basis, which 
would be unfortunate.
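To make the two ideas in this thread concrete (Mark's evil-box-in-the-middle and Kevin's "chain of trust that verified the contact information hashes, starting at the farthest end and working back to my own server"), here is a small model of such a chained answer. It is an added example, not code from the original post, Asterisk or the DUNDi protocol: the EIDs, contact strings and the PEER_KEYS directory are constructed, and HMAC with a per-peer key stands in for the per-peer signing a real deployment would do, purely so the example runs on the standard library.

```python
import copy
import hashlib
import hmac
import json

# Constructed directory of peer verification keys, indexed by EID. It stands in
# for the keys a querier would hold for each GPA peer (assumption: HMAC keys are
# used here instead of real signature keys so the example is self-contained).
PEER_KEYS = {
    "00:11:22:33:44:55": b"farthest-end-key",   # peer that actually owns the number
    "00:11:22:33:44:66": b"middle-peer-key",    # an intermediate peer
    "00:11:22:33:44:77": b"my-upstream-key",    # the peer my server queries directly
}
MY_UPSTREAM = "00:11:22:33:44:77"


def _digest(obj):
    """Canonical SHA-256 of a JSON-serialisable structure, as a hex string."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def _mac(eid, body):
    return hmac.new(PEER_KEYS[eid], _digest(body).encode(), "sha256").hexdigest()


def sign_hop(eid, contact, prev_hop):
    """A hop record binds the peer's EID, the contact (origin hop only) and the
    digest of the hop it received from, then signs the whole body."""
    body = {"eid": eid, "contact": contact,
            "prev": _digest(prev_hop) if prev_hop else None}
    return {"body": body, "sig": _mac(eid, body)}


def build_chain(contact, path):
    """path[0] is the farthest end (owner of the number); each later peer wraps
    what it received and signs it, so the chain grows back toward the querier."""
    chain, prev = [], None
    for eid in path:
        prev = sign_hop(eid, contact if prev is None else None, prev)
        chain.append(prev)
    return chain


def verify_chain(chain, origin_eid, via_eid=MY_UPSTREAM):
    """Walk the chain from the farthest end back to my own server. Every hop's
    signature must verify with that peer's key, every hop must point at the
    digest of the previous hop, the first hop must be the EID I asked about and
    the last hop must be the peer I actually queried."""
    prev = None
    for i, hop in enumerate(chain):
        body = hop["body"]
        if body["eid"] not in PEER_KEYS:
            return {"ok": False, "reason": f"hop {i}: unknown peer {body['eid']}"}
        if not hmac.compare_digest(hop["sig"], _mac(body["eid"], body)):
            return {"ok": False, "reason": f"hop {i}: bad signature from {body['eid']}"}
        if body["prev"] != (_digest(prev) if prev else None):
            return {"ok": False, "reason": f"hop {i}: link to hop {i - 1} broken"}
        prev = hop
    if chain[0]["body"]["eid"] != origin_eid:
        return {"ok": False, "reason": "origin EID mismatch"}
    if chain[-1]["body"]["eid"] != via_eid:
        return {"ok": False, "reason": "last hop is not the peer I queried"}
    # The route doubles as the "traceroute" Mark asked for.
    return {"ok": True, "contact": chain[0]["body"]["contact"],
            "route": [h["body"]["eid"] for h in chain]}


def tamper_contact(chain, new_contact):
    """Evil box in the middle rewrites the contact info but cannot re-sign as
    the farthest end, because it does not hold that peer's key."""
    forged = copy.deepcopy(chain)
    forged[0]["body"]["contact"] = new_contact
    return forged


if __name__ == "__main__":
    honest = build_chain("sip:5551212@pbx.example.net",
                         ["00:11:22:33:44:55", "00:11:22:33:44:66", MY_UPSTREAM])
    print(verify_chain(honest, "00:11:22:33:44:55"))
    print(verify_chain(tamper_contact(honest, "sip:5551212@evil.example"),
                       "00:11:22:33:44:55"))
    # Evil box drops the real answer and signs its own origin record instead.
    forged = build_chain("sip:5551212@evil.example",
                         ["00:11:22:33:44:66", "00:11:22:33:44:66", MY_UPSTREAM])
    print(verify_chain(forged, "00:11:22:33:44:55"))
```

Two caveats a practitioner would note. First, the chain only helps if my server holds a trustworthy key for every peer that appears in it, which is exactly the "unknown peer" branch above; a chain that reaches me through peers I have no key for cannot be verified, only displayed. Second, an intermediate peer that forwards honestly can still insert its own evil box as an additional hop; the chain does not prevent that, it makes the box visible in the route so the querier can decide what to do with answers that travelled through it.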
