Re: address pair exploration, flooding and state loss
> As I think we concluded a while ago, the key point is that these
> particular error messages cannot be sent spontaneously, but must be sent
> as a reply to a packet of the context (which must carry this random nonce).
Yes, only as a reply.
> This, I guess, imposes that data packets of the context, that need to be
> demuxed, need not only to carry the context tag, but also this security
> nonce.
If the context tag is big enough and randomly allocated (at least hard
to guess), then it would be sufficient. Question is how big would be
sufficient? 20 bits?
We can do a two step scheme where the hosts allocate large context tags,
but the data packets only contain the last N bits of the tag.
This would allow e.g. the shim6 signaling to use the tags with all the
bits (which makes it harder for off-path attackers to inject bogus shim6
signaling messages).
But one can also then use this for the lost context case as in:
1. A sends data packet to B. Contains a small number of bits of the
context tag.
2. B doesn't have any state. Responds with an error which includes the
above bits.
3. A sends a "have you really lost the context" message, which includes
the full context tag.
4. B responds and echoes the full context tag.
I guess a variant of this is that the context tag remains short and in
#3 there is a random nonce plus the shortish context tag.
Erik
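The four-step lost-context exchange sketched in the mail, as an added example that is not part of the original message or of any shim6 implementation. It assumes a 20-bit short tag (the size floated in the mail) and an arbitrary 47-bit full tag; the message field names, the `Host` class and the `run_exchange` scenario are all constructed for illustration. The point it makes visible is that an off-path party who has only seen the short bits in data packets cannot get a forged "context lost" reply accepted, because the sender only acts on a reply that echoes the full tag it allocated.

```python
import secrets
from typing import Dict, Optional

# Assumed sizes (illustrative, not from the mail apart from the 20-bit figure).
FULL_TAG_BITS = 47
SHORT_TAG_BITS = 20
SHORT_MASK = (1 << SHORT_TAG_BITS) - 1


def short_tag(full_tag: int) -> int:
    """Low N bits of the full context tag: the only bits data packets carry."""
    return full_tag & SHORT_MASK


class Host:
    def __init__(self, name: str):
        self.name = name
        self.contexts: Dict[int, str] = {}  # full_tag -> peer name

    def new_context(self, peer: str) -> int:
        # Large, randomly allocated tag: hard to guess for an off-path party.
        tag = secrets.randbits(FULL_TAG_BITS)
        self.contexts[tag] = peer
        return tag

    # Step 1: data packets carry only the short tag.
    def data_packet(self, full_tag: int, payload: bytes) -> dict:
        return {"type": "data", "short_tag": short_tag(full_tag), "payload": payload}

    # Step 2: demux on the short tag; with no matching state, reply with an
    # error that echoes the bits seen (never sent spontaneously).
    def receive_data(self, pkt: dict) -> Optional[dict]:
        if any(short_tag(t) == pkt["short_tag"] for t in self.contexts):
            return None  # delivered to the context, no error
        return {"type": "error", "short_tag": pkt["short_tag"]}

    # Step 3: the sender answers the error with a probe carrying the full tag.
    # If several local contexts share the short bits (a collision the short
    # tag makes possible), this simple version probes none of them.
    def handle_error(self, err: dict) -> Optional[dict]:
        matches = [t for t in self.contexts if short_tag(t) == err["short_tag"]]
        if len(matches) != 1:
            return None
        return {"type": "lost_context_probe", "full_tag": matches[0]}

    # Step 4: the receiver echoes the full tag and says whether state is gone.
    def answer_probe(self, probe: dict) -> dict:
        return {"type": "lost_context_reply", "full_tag": probe["full_tag"],
                "lost": probe["full_tag"] not in self.contexts}

    # The sender only acts on a reply that echoes the full tag it allocated;
    # anything else is dropped, so a short-tag-only guesser gets nowhere.
    def handle_reply(self, reply: dict) -> bool:
        if reply["full_tag"] not in self.contexts:
            return False
        if reply["lost"]:
            del self.contexts[reply["full_tag"]]  # tear down, re-establish later
        return True


def run_exchange() -> dict:
    """Constructed scenario: B has lost all state for A's context."""
    a, b = Host("A"), Host("B")
    tag = a.new_context("B")  # B deliberately never learns it (state lost)

    err = b.receive_data(a.data_packet(tag, b"hello"))
    probe = a.handle_error(err)

    # Off-path forgery attempt: same low 20 bits, wrong high bits.
    forged = {"type": "lost_context_reply",
              "full_tag": tag ^ (1 << SHORT_TAG_BITS), "lost": True}
    forged_rejected = not a.handle_reply(forged)

    real_accepted = a.handle_reply(b.answer_probe(probe))
    return {
        "error_sent": err is not None and err["short_tag"] == short_tag(tag),
        "probe_has_full_tag": probe is not None and probe["full_tag"] == tag,
        "forged_rejected": forged_rejected,
        "real_accepted": real_accepted,
        "context_torn_down": tag not in a.contexts,
    }


if __name__ == "__main__":
    print(run_exchange())
```

The forged reply is built deterministically by flipping a bit above the short-tag boundary, so the run is repeatable; a real off-path guesser would have to hit the remaining 27 high bits at random, which is the margin the full tag buys over what data packets expose.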