I can't see how. Who would be the root of trust for the peers' certificate chains?
No root of trust is needed; self-signed certificates are good enough. This set-up isn't going to prevent man-in-the-middle attacks against any specific connection, but for working around those filters it is already sufficient to prevent the ISP from systematically snooping on all p2p filesharing traffic. With a TLS-based bittorrent system, the only way in which an ISP could snoop systematically would be by systematically conducting man-in-the-middle attacks against all TLS connections that are only secured by a self-signed certificate. This would not only be so computationally intensive that it is technically close to impossible, but it would also attack all HTTPS connections to servers which only have a self-signed certificate, and that is clearly illegal and easy to detect.
As long as using HTTPS etc. isn't made illegal, such a "network-based
solution" is relatively easy to work around - it's easy to modify
e.g. bittorrent to use encrypted (e.g. TLS) connections instead of
unencrypted TCP connections. This use of encryption wouldn't provide
a lot of security (that is impossible as long as there's no way to
distinguish between genuinely friendly nodes in the P2P network and
those which are under the control of the RIAA or a similar organization)
but it would be good enough to prevent a "network-based solution" from
recognizing anything.
In the article, AT&T's Mr. Cicconi is quoted as having said: "We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this."
Why are they so interested in this? Because there will be pressure on
smaller ISPs to do the same, with the difference that for smaller ISPs,
roughly the same absolute cost divided by a much smaller number of
customers is a much greater per-customer cost?