Differences

This shows you the differences between two versions of the page.

--- ch11 [2021-02-22 16:53] – [Change history] victor
+++ ch11 [2021-02-22 16:56] (current) – [Ideas for future work:] victor
@@ Line 74: / Line 74: @@
   *  Setting to only accept dynamic ip/port for specific chaos addresses. (Allow for future authentication extension?)
   *  Dynamic setting for chip table ttl.
-  *  Better routing support (see [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]])
+  *  Better routing support (fixed by [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]])
   *  Implement loopback (not LUP, but Chaos pkts to self). Currently they are in practice dropped. I'm not sure ITS handles this very well anyway.
   *  Use DNS to find Chaos addresses - see [[https://chaosnet.net/|more info here]].
   *  More CHUDP protocol functions?
   *  Security: while ITS with PANDA/PWORD may keep malicious people out, there are gaping holes once you have Chaosnet access. If dynamic CHIP entries are allowed, anyone can come up with a random Chaos address and read/write your system over MLDEV. Possible improvements:
-    * Use DTLS - or use the TLS link type in [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]]
+    * Use the TLS link type in [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]]
-    *    Let MLSLV check that the chaos address translates to an ITS name in the ITSNMS table.
+    *    Let MLSLV check that the chaos address translates to an ITS name in the ITSNMS table (or implement a cbridge-based firewall)
     *  Verify CHIP enties by checking that DNS entries for CH and IN classes match. This doesn't work for Chaos nodes with dynamic IP addresses (which is what it's supposed to support).
 See [[https://github.com/bictorv/chaosnet-bridge|the Chaosnet bridge program]] if you want to use Chaosnet in Linux/Unix

ITS wiki

User Tools

Site Tools

Differences

Page Tools