In the DSR paper I had fixed nodes and connections in mind. Two forms of trust are required but perhaps it is better to speak in terms of quantified risk rather than trust.

There are two sorts of risk in the fundamental protocol. First a node operator risks that the immediately adjacent node will fail to pay the accumulator amount. Only the operator who is owed that amount is at risk. Upon default the accumulator amount is lost and the relationship is canceled. This risk may be bounded by limiting the accumulator and requiring smaller and more frequent “real” payments. (The latency of these real payments is a problem.) While no contract enforced by a third party is necessary, it might be wise. See this protocol which operators across an interface might adopt.

The other form of risk is my risk when I choose a route thru the net. Some intermediate operator may steal my packet. If one cheats then I lose the amount in the packet. My recourse is to choose a different route. The neighbors of the cheater lose my business as well. Routing services specialize in detecting cheats but such services are not part of the fundamental protocol. My relationship with a routing service is longer lasting.

One implication of all this is that DSR is not robust at transferring large sums of money. DSR protocol provides no protection against an operator stealing the money in a packet when that money is more than his reputation is worth to him. Paying for a book might be stretching one’s luck. Conventional payment systems do that well enough.