If you pirate music, you're downloading fascism!

Paul Mather paul at GROMIT.DLIB.VT.EDU
Thu Apr 9 08:55:58 EDT 2009


On 9 Apr 2009, at 4:01 AM, Arjan Hulsebos wrote:

> On Wed, 8 Apr 2009 18:56:10 -0400, Paul Mather wrote
>> On 3 Apr 2009, at 5:48 AM, Arjan Hulsebos wrote:
>>
>>> On Thu, 2 Apr 2009 17:19:27 -0400, Paul Mather wrote
>>>
>>>> Secondly, it appears to turn the P2P approach entirely on its head
>>>> by forcing all traffic through the VPN instead of... peer to peer.
>>>> That's kind of dumb for a P2P application, or at the very least,
>>>> not very scalable.
>>>
>>> You could, rather than just setting up a tcp connection for p2p exchange,
>>> build a VPN first, then set up the tcp connection through the VPN.
>>
>> Actually, what you're suggesting above is to have peers make
>> encrypted connections to each other (which isn't quite the same as
>> routing traffic through a VPN).  Lots of BitTorrent clients already
>> support this.
>
> No, that's not what I mean. I'm talking about using IPSec, and
> sending AH, or ESP traffic rather than TCP or UDP.

Oh, okay, but again, why?  And what would an ad hoc point-to-point
IPSec link buy you above just a simple encrypted connection, other
than more headaches?  Aside from the bandwidth loss due to
encapsulation, lots of folks are behind NAT and (assuming support was
deployed) you'd lose yet more bandwidth due to NAT-T encapsulation.
(Assuming you could overcome the "firewalled" status that afflicts
lots of BitTorrent users to get the whole idea to fly reliably.)

> Using port 80 on your client probably would also do (unless your ISP
> doesn't allow you to run webservers at home).

I believe ISPs gave up using port numbers for throttling BitTorrent
traffic ages ago.  Don't they all use deep packet inspection these days?

>> Unfortunately, for popular/notorious sites, you can still block
>> access to the tracker based upon its well-known address, and can
>> still do traffic shaping by snooping data from unencrypted tracker
>> connections and then blocking (even encrypted) client connections.
>
> Then the next step will be distributed infrastructure, like DNS
> servers and trackers. But that's too close to the botnet model to feel
> comfortable, I must admit.

You mean use something like Tor?  (It still has identifiable endpoint
nodes.)

I still maintain that the larger problem is that BitTorrent's success
is also an Achilles heel: faster aggregate bandwidth requires being
able to locate peers.  And, being able to locate peers means being
identifiable in some way.

One of the good things to come out of the BitTorrent arms race is that
it does drive technology to make a lot of these long-standing
deployment issues (NAT traversal, ubiquitous encryption, etc.) easier.

Cheers,

Paul.

e-mail: paul at gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
  deadlines or dates by which bills must be paid."
         --- Frank Vincent Zappa