ITS wiki

The Incompatible Timesharing System

ch11

Differences

This shows you the differences between two versions of the page.

ch11 [2021-02-22 16:53]
victor [Change history]
ch11 [2021-02-22 16:56] (current)
victor [Ideas for future work:]
Line 74: Line 74:
   *  Setting to only accept dynamic ip/port for specific chaos addresses. (Allow for future authentication extension?)   *  Setting to only accept dynamic ip/port for specific chaos addresses. (Allow for future authentication extension?)
   *  Dynamic setting for chip table ttl.   *  Dynamic setting for chip table ttl.
-  *  Better routing support (see [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]])+  *  Better routing support (fixed by [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]])
   *  Implement loopback (not LUP, but Chaos pkts to self). Currently they are in practice dropped. I'm not sure ITS handles this very well anyway.   *  Implement loopback (not LUP, but Chaos pkts to self). Currently they are in practice dropped. I'm not sure ITS handles this very well anyway.
   *  Use DNS to find Chaos addresses - see [[https://chaosnet.net/|more info here]].   *  Use DNS to find Chaos addresses - see [[https://chaosnet.net/|more info here]].
   *  More CHUDP protocol functions?   *  More CHUDP protocol functions?
   *  Security: while ITS with PANDA/PWORD may keep malicious people out, there are gaping holes once you have Chaosnet access. If dynamic CHIP entries are allowed, anyone can come up with a random Chaos address and read/write your system over MLDEV. Possible improvements:   *  Security: while ITS with PANDA/PWORD may keep malicious people out, there are gaping holes once you have Chaosnet access. If dynamic CHIP entries are allowed, anyone can come up with a random Chaos address and read/write your system over MLDEV. Possible improvements:
-    * Use DTLS - or use the TLS link type in [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]] +    * Use the TLS link type in [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]] 
-    *    Let MLSLV check that the chaos address translates to an ITS name in the ITSNMS table.+    *    Let MLSLV check that the chaos address translates to an ITS name in the ITSNMS table (or implement a cbridge-based firewall)
     *  Verify CHIP enties by checking that DNS entries for CH and IN classes match. This doesn't work for Chaos nodes with dynamic IP addresses (which is what it's supposed to support).     *  Verify CHIP enties by checking that DNS entries for CH and IN classes match. This doesn't work for Chaos nodes with dynamic IP addresses (which is what it's supposed to support).
  
 See [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]] if you want to use Chaosnet in Linux/Unix See [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]] if you want to use Chaosnet in Linux/Unix
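Review bot: In the Security item, the rewritten sub-bullets no longer say how the hole in the parent bullet is closed on the CHUDP side. The parent bullet says that with dynamic CHIP entries anyone can make up a Chaos address and read/write the system over MLDEV, yet "Use DTLS" is dropped without a reason and the replacement only points at the TLS link type of the bridge program. Suggest stating whether dynamic CHIP entries should be turned off when that TLS link is used. Suggest also moving "(or implement a cbridge-based firewall)" to its own sub-bullet, since it is a different control from the MLSLV check against the ITSNMS table. Two smaller points: "fixed by" in the routing item sits under "Ideas for future work:", so the item could be marked done or removed instead, and the unchanged line "Verify CHIP enties" has a typo ("entries") that this edit could pick up.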
ch11.txt · Last modified: 2021-02-22 16:56 by victor