lsd0014

LSD0014: Peer Identity Lifecycle Service (PILS)

commit a5392ef9bc7981887dc8a6dc9d1fc22affb83af3
parent 7f09f820dc4336caa0567135f9fd48e692cbefb8
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Fri, 18 Jul 2025 15:41:09 +0200

notes on PID generation

Diffstat:
M draft-schanzen-pils.xml | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/draft-schanzen-pils.xml b/draft-schanzen-pils.xml @@ -143,17 +143,33 @@ sk = HKDF-Expand(prk, "gnunet-pils-ephemeral-peer-key", 32) used. </t> </section> + <section> + <name>Security and Privacy Considerations</name> + <t> + It may seem odd why GNUnet does not use a dedicated, randomly generated public key per address. + The reason is hidden in requirements from higher layers: Having the peer handle multiple peer identities + for each endpoint will cause the connectivity on the DHT overlay to deteriorate. + The same physical node in the network may be reachable on N different endpoints. + If each of those endpoints is associated with a random peer identity (and advertised as such) other peers + may populate their routing tables with more than one of those addresses, in the worst case all N of them. + However, any connection establishment to the same node in the network does not improve connectivity and + resiliance of the overlay network. + Likely, connectivity will degrade and if the peer is no longer reachable (churn / peer offline) more than one + entry in the routing table will have to be replaced with new connections that in turn will again possibly + only be connections to the same local node in the network. + </t> + </section> <!-- gana --> <section> - <name>Implementation and Deployment Status</name> - <t> - There is one implementation conforming to this specification, written in C. - The implementation is part of <xref target="GNUnet"/> and represents the original and reference implementation. - </t> - <t> - FIXME test vectors - </t> - </section> + <name>Implementation and Deployment Status</name> + <t> + There is one implementation conforming to this specification, written in C. + The implementation is part of <xref target="GNUnet"/> and represents the original and reference implementation. + </t> + <t> + FIXME test vectors + </t> + </section> <!-- <section> <name>Acknowledgements</name> <t>
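Review bot: The new section is named "Security and Privacy Considerations", but its only paragraph argues the DHT connectivity case against a random public key per address and states no security or privacy consequence of that choice. Either add a sentence saying what advertising one peer identity for all N endpoints means for an observer (for example, whether those endpoints become linkable to the same node), or rename the section so it matches the commit message, "notes on PID generation". In the same paragraph, "resiliance" should be "resilience", "It may seem odd why" reads better as "It may seem odd that", and "multiple peer identities for each endpoint" appears to mean one identity per endpoint, which is what the following sentences assume. The removed and re-added "Implementation and Deployment Status" lines carry identical text, so that part is a whitespace-only change and would be easier to review in a separate commit; the "FIXME test vectors" placeholder is still in place afterwards.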