Interesting. There's a fundamental vulnerability in mesh routing: you either have to control addressing, or a malicious actor can flood the network topology with bogus data.
Just imagine somebody generating 10000000000 addresses and flooding everybody with that information.
It looks like Yggdrasil doesn't address (ha) this vulnerability? It kinda side-steps it by requiring enrollment through an already trusted node?
at least in the original implementation of this protocol (cjdns) there was already a tiny bit of proof of work happening in address generation. forgive me as this knowledge is over a decade old but it involved finding a curvecp private key that scalmults into a public key that (maybe whose hash?) begins with some specific number. this number is what's actually used as the ipv6 address. and that specific number is the routable ipv6 prefix.
the process would be run again and again during configuration generation until a key that fit this criteria was found. one could up the difficulty of this process considerably.. though not in a protocol backwards-compatible way.
> at least in the original implementation of this protocol (cjdns) there was already a tiny bit of proof of work happening in address generation.
It's just a 1 byte search, completely negligible from the performance standpoint. They look for a public key that has the SHA hash that starts with 0xFC, to indicate that it's not global IPv6 traffic.
I don't think it's possible to solve this, without either making a centralized addressing authority, or involving non-trivial amounts of real money via some blockchain.
Just imagine somebody generating 10000000000 addresses and flooding everybody with that information.
It looks like Yggdrasil doesn't address (ha) this vulnerability? It kinda side-steps it by requiring enrollment through an already trusted node?