Re: address pair exploration, flooding and state loss

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

Hi Erik,

I think this mechanism you outline can do thee trick.
thanks, marcelo


El 26/05/2005, a las 22:42, Erik Nordmark escribió:

> > As i think we concluded a while ago, the key point is that these 
> > particular error messages cannot be sent spontaneously, but must be 
> > sent as a reply to a packet of the context (which must carry this 
> > random nonce)
>
> Yes, only as a reply.
>
> > this, i guess imposes that data packets of the context, that need to 
> > be demuxed, need not only to carry the context tag, but also this 
> > security nonce.
>
> If the context tag is big enough and randomly allocated (at least hard 
> to guess), then it would be sufficient. Question is how big would be 
> sufficient? 20 bits?
>
> We can do a two step scheme where the hosts allocate large context 
> tags, but the data packets only contain the last N bits of the tag.
> This would allow e.g. the shim6 signaling to use the tags with all the 
> bits (which makes it harder for off-path attackers to inject bogus 
> shim6 signaling messages).
> But one can also then use this for the lost context case as in:
> 1. A sends data packet to B. Contains a small number of bits of the 
> context tag.
> 2. B doesn't have any state. Responds with an error which includes the 
> above bits.
> 3. A sends a "have you really lost the context" message, which 
> includes the full context tag.
> 4. B responds and echoes the full context tag.
>
> I guess a variant of this is that the context tag remains short and in 
> #3 there is a random nonce plus the shortish context tag.
>
>    Erik