[nly]

> Perhaps an alternative to sha1(ip+port) could be some form of cryptographic signature scheme, where the NodeID is a public key or hash of a public key

What stops me from creating 10 million keypairs and spamming them in to the DHT?

[dvanduzer]

That's a great question, and since there's a well-described public specification for such a scheme[0], I'd encourage you to look for similar attack vectors.

Generating 10 million RSA 2048 bit keypairs isn't free, and you still have to maintain a significant set of network flows and perform decryption against them.

[0]https://github.com/telehash/telehash.org/blob/master/protoco...

[smcnally]

Outside of this, what are the relationships between this BitTorrent's DHT and telehash? Are they covering the same ground but not necessarily compatible? Encrypted, distributed P2P traffic with discoverability would help a number of projects -- it would be great not to have to "pick a side" already.

[dvanduzer]

Jeepers, if I'd actually read the last slide, I'd have seen that the paper explicitly mentioned telehash.org with the sha1(ip:port) proposition.

That was v1 of the Telehash spec, and plenty of intervening feedback (along the lines of nly's comments) in the last three years has lead to the current v2 draft.

Telehash aims to be a bit more generalized than BitTorrent, stripping out the file seeking behavior and focusing on the lower level mesh network overlay. BT-like behavior (or other application patterns) can be implemented via "channels" between nodes.

Telehash also switched from sha1 to sha256 (and thus from 160bit to 256bit nodeIDs), along with NIST and now Microsoft (see wikipedia). That aside, sha(address) versus sha(pubkey) isn't really a surmountable difference. You're doomed to "pick a side" here. :)

But Telehash is extremely non-controversial and boring, otherwise. Within this Kademlia-based framework, it's following the best practices of the latest TLS specs (RSA + ECDHE + AES [GCM, I think]), subtracting X.509.

The spec is public domain, and most of the current alpha implementations (7 of which are interoperating at last count), have been MIT licensed since the get go.

whew That sums it all up, I think.

[nly]

Yeah I'm aware of Telehash. Any idea how large the current DHT is?

[dvanduzer]

Very small, as the second draft of the protocol is still in heavy revision.

[nly]

Not sure if you'll see this now. Having looked over TeleHash 2, I have quite a few concerns about the complexity of the protocol. It's hard to tell what is being accomplished at each step and why. The way things are composed and layered definitely needs explanation. For instance, signatures are encrypted, and there's a mix of RSA and EC, why?

[dvanduzer]

My cousin post in this larger thread might answer most of your questions.

Quick answers: the RSA + EC mix roughly mirrors TLS. The signature encryption is a recent update to make network analysis harder on passive listeners.

Most of the implementors are hanging out in XMPP:theroom@conference.jabber.org until Telehash-based chat is stable (a month maybe?). We'd love to get more feedback.