Alsuren

May 18, 2008

Oh Microsoft-chan. How we laughed

Filed under: Uncategorized — alsuren @ 9:29 pm

Alex pointed me at http://en.wikipedia.org/wiki/Peer_Name_Resolution_Protocol, saying it was confusing him. I’m not surprised: it appears to be made of epic lolz (as you might expect from Redmond).

From what I’ve gathered, it’s basically a patented, “secure” version of zeroconf, for use in p2p applications. “Features” include:

a) public key “secured” name resolution, of the form hash(key):name.
b) IPv6 only.
c) Can be extended to the internetz at large, using a known server (provided exclusively by MS).

Now correct me if I’m wrong, but surely a) is not possible in a P2P system? Here’s my thinking:

1) The client must have before-hand knowledge of the public key.
2) The server must have knowledge of the private key.
3) All nodes in a P2P network are both clients and servers.
4) For commercially installable software, the client machine cannot be trusted.

5) 2, 3 imply that all copies of the software include the “private” key.
6) 4, 5 imply that the private key cannot be trusted.

lolz on line 6.

So a) is not valid for the target market (to be honest: why the hell would you want security at the DNS level anyway? Surely that’s what SASL crap and SSL are for?)

b) is probably about the only thing I’ve found that you need IPv6 for.

c) makes it a bit like standard DNS then, I guess… except without the whole “DHCP support” or “interoperable implementations”, or any of the things you might want to help you avoid painful configuration issues.


1 Comment »

  1. Indeed MS P2P does seem to be made of lolz… though my understanding is slowly improving and I can’t say it’s *all* bad. The problem with the MSDN articles on the topic is that they read more like marketing press than dev articles (and therefore have instilled us with much FUD). In the process of my learning WPF/WCF I just might try out MS P2P/PNRP in code and test some of the MS claims. 😛

    A few small things need clarification:
    1. It isn’t just IPv6, I believe, since it can use IPv4 with Teredo (some sort of MS technology that allows IPv6 apps to run over IPv4 networks).
    2. There seemed to be a hint (somewhere) that a certain peer acts as a verifier for secured peer names (possibly the seed server for global meshes). Not sure about this however.

    Your analysis of the whole security of the thing seems spot on to me. 😛 I’d really be interested in what the MS devs were thinking when they planned it… perhaps just user lock-in and patent rights, as you suggested?

    Comment by alexreg — May 20, 2008 @ 6:53 pm

