Re: address pair exploration, flooding and state loss



Hi Iljitsch,

Iljitsch van Beijnum wrote:
Signature checks are relatively expensive: these are exactly the operations you want to avoid for suspect packets.

However, this could easily be done by having A give B a nonce that is (for instance) a timestamp and a hash over B's IP address, the timestamp and some secret data. If A then loses its state for B, B can prove to A it talked to A at the indicated time, and A can check this as long as it still has its piece of secret data. Since this doesn't have to change often, that will be likely.


In that case, the state required for generating the cookie would have to be simple (small?) enough to store in a non-volatile way, so that it too doesn't get lost easily. It could possibly be system wide, so long as there's no easy way to determine the secret, or generate fake cookies.

It may also be useful to consider if the cookie contains
information about the original context state (which would have to
be sent from B->A in the query). This context state in the query
could help prove that the cookie was given for a particular SHIM6
context, and ensures that if there's a flow still in existence
the flow state can't be restored (if that's an aim) by someone
other than the original context owner.

While cookie generation wouldn't need to be standardized, it
would be useful to have an example incarnation which people could
point to (and implement).

Greg
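
One possible incarnation of the cookie discussed in this thread, added here as an illustration and not taken from either message or from any SHIM6 specification. It assumes HMAC-SHA256 as the keyed hash over the timestamp, B's address and a context tag; the function names, field widths, 16-byte truncation and one-hour lifetime are all assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress
import struct

MAC_LEN = 16     # truncated HMAC-SHA256 output; an assumption of this sketch
MAX_AGE = 3600   # seconds a cookie stays acceptable; also an assumption


def _mac(secret: bytes, ts: int, peer: str, context_tag: int) -> bytes:
    # Fixed-width fields keep the MAC input unambiguous.
    msg = (struct.pack("!Q", ts)
           + ipaddress.ip_address(peer).packed
           + struct.pack("!Q", context_tag))
    return hmac.new(secret, msg, hashlib.sha256).digest()[:MAC_LEN]


def issue_cookie(secret: bytes, peer: str, context_tag: int, now: int) -> bytes:
    """A hands this to B. A keeps only the system-wide secret, nothing per peer."""
    return struct.pack("!Q", now) + _mac(secret, now, peer, context_tag)


def verify_cookie(secret: bytes, cookie: bytes, peer: str, context_tag: int,
                  now: int, max_age: int = MAX_AGE) -> bool:
    """After losing state, A checks B's cookie with one MAC and no signature."""
    if len(cookie) != 8 + MAC_LEN:
        return False
    (ts,) = struct.unpack("!Q", cookie[:8])
    if ts > now or now - ts > max_age:   # claims a future time, or too old
        return False
    expected = _mac(secret, ts, peer, context_tag)
    return hmac.compare_digest(expected, cookie[8:])   # constant-time compare


if __name__ == "__main__":
    # Constructed sample values, not from the thread.
    secret = bytes(range(32))
    peer_b, tag = "2001:db8::2", 0x1234
    cookie = issue_cookie(secret, peer_b, tag, now=1000)
    print("same peer, same context:", verify_cookie(secret, cookie, peer_b, tag, now=1500))
    print("different source address:", verify_cookie(secret, cookie, "2001:db8::3", tag, now=1500))
    print("different context tag:", verify_cookie(secret, cookie, peer_b, tag + 1, now=1500))
```

Rotating the secret invalidates every outstanding cookie, so a verifier that rotates would also try the previous secret for one lifetime.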