Re: address pair exploration, flooding and state loss

[Iljitsch van Beijnum <iljitsch@muada.com>]

On 26-mei-2005, at 5:39, Greg Daley wrote:

> For self-authentication, you'd basically require the original
> data sender to have enough context left to authenticate the peer,
> based on their IP address information (For example if CGA
> addresses were locators, and the public key was known).
> Timestamp information gathered previously for the CGA address
> may be able to be used to ensure freshness.

> Some of these mechanisms were used in SEND, but become suspect
> for devices which have lost context state on the other side of the
> Internet.  It's possible to say though, that if the error message
> contains a valid signature and timestamp, it's immediately verified.

Signature checks are relatively expensive: these are exactly the  
operations you want to avoid for suspect packets.

However, this could easily be done by having A give B a nonce that is  
(for instance) a timestamp and a hash over B's IP address, the  
timestamp and some secret data. If A then loses its state for B, B  
can prove to A it talked to A at the indicated time, and A can check  
this as long as it still has its piece of secret data. Since this  
doesn't have to change often, that will be likely.