Alice Bob fixes

author: ng0 <ng0@infotropique.org> 2017-11-09 10:52:04 +0000
committer: ng0 <ng0@infotropique.org> 2017-11-09 10:52:04 +0000
commit: 85ff483a757bad4a30ef02a9f0069ef21f54c625 (patch)
tree: 0ce3823a78f9f05fbb839a2e53e76c904afbaed2 /doc
parent: 64793d52bd30df2f1534680b98835a60f267a332 (diff)
download: gnunet-85ff483a757bad4a30ef02a9f0069ef21f54c625.tar.gz
gnunet-85ff483a757bad4a30ef02a9f0069ef21f54c625.zip
1 files changed, 41 insertions, 31 deletions
diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi
index a2032f479..70fd7c7eb 100644
--- a/doc/documentation/chapters/developer.texi
+++ b/doc/documentation/chapters/developer.texi
@@ -3488,36 +3488,36 @@ transport level. Such an attack would not allow the adversary to decrypt
 the P2P transmissions, but a successful attacker could at least measure
 traffic volumes and latencies (raising the adversaries capablities by
 those of a global passive adversary in the worst case). The scenarios we
-are concerned about is an attacker, Mallory, giving a HELLO to Alice that
+are concerned about is an attacker, Mallory, giving a @code{HELLO} to
-claims to be for Bob, but contains Mallory's IP address instead of Bobs
+Alice that claims to be for Bob, but contains Mallory's IP address
-(for some transport). Mallory would then forward the traffic to Bob (by
+instead of Bobs (for some transport).
-initiating a connection to Bob and claiming to be Alice). As a further
+Mallory would then forward the traffic to Bob (by initiating a
+connection to Bob and claiming to be Alice). As a further
 complication, the scheme has to work even if say Alice is behind a NAT
-without traversal support and hence has no address of their own (and thus
+without traversal support and hence has no address of her own (and thus
 Alice must always initiate the connection to Bob).
-An additional constraint is that HELLO messages do not contain a
+An additional constraint is that @code{HELLO} messages do not contain a
 cryptographic signature since other peers must be able to edit
-(i.e. remove) addresses from the HELLO at any time (this was not true in
+(i.e. remove) addresses from the @code{HELLO} at any time (this was
-GNUnet 0.8.x). A basic @strong{assumption} is that each peer knows the
+not true in GNUnet 0.8.x). A basic @strong{assumption} is that each peer
-set of possible network addresses that it @strong{might} be reachable
+knows the set of possible network addresses that it @strong{might}
-under (so for example, the external IP address of the NAT plus the LAN
+be reachable under (so for example, the external IP address of the
-address(es) with the respective ports).
+NAT plus the LAN address(es) with the respective ports).
 The solution is the following. If Alice wants to validate that a given
 address for Bob is valid (i.e. is actually established @strong{directly}
-with the intended target), it sends a PING message over that connection
+with the intended target), she sends a PING message over that connection
 to Bob. Note that in this case, Alice initiated the connection so only
-Alice knows which address was used for sure (Alice maybe behind NAT, so
+Alice knows which address was used for sure (Alice may be behind NAT, so
-whatever address Bob sees may not be an address Alice knows they have).
+whatever address Bob sees may not be an address Alice knows she has).
-Bob
+Bob checks that the address given in the @code{PING} is actually one
-checks that the address given in the PING is actually one of Bob's
+of Bob's addresses (ie: does not belong to Mallory), and if it is,
-addresses
+sends back a @code{PONG} (with a signature that says that Bob
-(does not belong to Mallory), and if it is, sends back a PONG (with a
+owns/uses the address from the @code{PING}).
-signature that says that Bob owns/uses the address from the PING). Alice
+Alice checks the signature and is happy if it is valid and the address
-checks the signature and is happy if it is valid and the address in the
+in the @code{PONG} is the address Alice used.
-PONG is the address Alice used.
+This is similar to the 0.8.x protocol where the @code{HELLO} contained a
-This is similar to the 0.8.x protocol where the HELLO contained a
 signature from Bob for each address used by Bob.
 Here, the purpose code for the signature is
 @code{GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN}. After this, Alice will
@@ -3527,9 +3527,13 @@ considers Bob's address to be valid, the connection itself is not
 considered 'established'. In particular, Alice may have many addresses
 for Bob that Alice considers valid.
-The PONG message is protected with a nonce/challenge against replay
+@c TODO: reference Footnotes so that I don't have to duplicate the
-attacks and uses an expiration time for the signature (but those are
+@c footnotes or add them to an index at the end. Is this possible at
-almost implementation details).
+@c all in Texinfo?
+The @code{PONG} message is protected with a nonce/challenge against replay
+attacks@footnote{@uref{http://en.wikipedia.org/wiki/Replay_attack, replay}}
+and uses an expiration time for the signature (but those are almost
+implementation details).
 @cindex NAT library
 @node NAT library
@@ -3624,8 +3628,14 @@ chain (or delivered to the current peer, if it has arrived at the
 destination).
 Assume a three peer network with peers Alice, Bob and Carol. Assume that
-Alice <-> Bob and Bob <-> Carol are direct (e.g. over TCP or UDP
-transports) connections, but that Alice cannot directly connect to Carol.
+@example
+Alice <-> Bob and Bob <-> Carol
+@end example
+@noindent
+are direct (e.g. over TCP or UDP transports) connections, but that
+Alice cannot directly connect to Carol.
 This may be the case due to NAT or firewall restrictions, or perhaps
 based on one of the peers respective configurations. If the Distance
 Vector transport is enabled on all three peers, it will automatically
@@ -3636,10 +3646,10 @@ Carol and notifies the DV transport about it. The DV transport at Alice
 looks up Carol in the routing table and finds that the message must be
 sent through Bob for Carol. The message is encapsulated setting Alice as
 the initiator and Carol as the destination and sent to Bob. Bob receives
-the messages, verifies both Alice and Carol are known to Bob, and re-wraps
+the messages, verifies that both Alice and Carol are known to Bob, and
-the message in a new DV message for Carol. The DV transport at Carol
+re-wraps the message in a new DV message for Carol.
-receives this message, unwraps the original message, and delivers it to
+The DV transport at Carol receives this message, unwraps the original
-Carol as though it came directly from Alice.
+message, and delivers it to Carol as though it came directly from Alice.
 @cindex SMTP plugin
 @node SMTP plugin
author	ng0 <ng0@infotropique.org>	2017-11-09 10:52:04 +0000
committer	ng0 <ng0@infotropique.org>	2017-11-09 10:52:04 +0000
commit	85ff483a757bad4a30ef02a9f0069ef21f54c625 (patch)
tree	0ce3823a78f9f05fbb839a2e53e76c904afbaed2 /doc
parent	64793d52bd30df2f1534680b98835a60f267a332 (diff)
download	gnunet-85ff483a757bad4a30ef02a9f0069ef21f54c625.tar.gz gnunet-85ff483a757bad4a30ef02a9f0069ef21f54c625.zip

diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi index a2032f479..70fd7c7eb 100644 --- a/doc/documentation/chapters/developer.texi +++ b/doc/documentation/chapters/developer.texi
@@ -3488,36 +3488,36 @@ transport level. Such an attack would not allow the adversary to decrypt
3488	the P2P transmissions, but a successful attacker could at least measure	3488	the P2P transmissions, but a successful attacker could at least measure
3489	traffic volumes and latencies (raising the adversaries capablities by	3489	traffic volumes and latencies (raising the adversaries capablities by
3490	those of a global passive adversary in the worst case). The scenarios we	3490	those of a global passive adversary in the worst case). The scenarios we
3491	are concerned about is an attacker, Mallory, giving a HELLO to Alice that	3491	are concerned about is an attacker, Mallory, giving a @code{HELLO} to
3492	claims to be for Bob, but contains Mallory's IP address instead of Bobs	3492	Alice that claims to be for Bob, but contains Mallory's IP address
3493	(for some transport). Mallory would then forward the traffic to Bob (by	3493	instead of Bobs (for some transport).
3494	initiating a connection to Bob and claiming to be Alice). As a further	3494	Mallory would then forward the traffic to Bob (by initiating a
		3495	connection to Bob and claiming to be Alice). As a further
3495	complication, the scheme has to work even if say Alice is behind a NAT	3496	complication, the scheme has to work even if say Alice is behind a NAT
3496	without traversal support and hence has no address of their own (and thus	3497	without traversal support and hence has no address of her own (and thus
3497	Alice must always initiate the connection to Bob).	3498	Alice must always initiate the connection to Bob).
3498		3499
3499	An additional constraint is that HELLO messages do not contain a	3500	An additional constraint is that @code{HELLO} messages do not contain a
3500	cryptographic signature since other peers must be able to edit	3501	cryptographic signature since other peers must be able to edit
3501	(i.e. remove) addresses from the HELLO at any time (this was not true in	3502	(i.e. remove) addresses from the @code{HELLO} at any time (this was
3502	GNUnet 0.8.x). A basic @strong{assumption} is that each peer knows the	3503	not true in GNUnet 0.8.x). A basic @strong{assumption} is that each peer
3503	set of possible network addresses that it @strong{might} be reachable	3504	knows the set of possible network addresses that it @strong{might}
3504	under (so for example, the external IP address of the NAT plus the LAN	3505	be reachable under (so for example, the external IP address of the
3505	address(es) with the respective ports).	3506	NAT plus the LAN address(es) with the respective ports).
3506		3507
3507	The solution is the following. If Alice wants to validate that a given	3508	The solution is the following. If Alice wants to validate that a given
3508	address for Bob is valid (i.e. is actually established @strong{directly}	3509	address for Bob is valid (i.e. is actually established @strong{directly}
3509	with the intended target), it sends a PING message over that connection	3510	with the intended target), she sends a PING message over that connection
3510	to Bob. Note that in this case, Alice initiated the connection so only	3511	to Bob. Note that in this case, Alice initiated the connection so only
3511	Alice knows which address was used for sure (Alice maybe behind NAT, so	3512	Alice knows which address was used for sure (Alice may be behind NAT, so
3512	whatever address Bob sees may not be an address Alice knows they have).	3513	whatever address Bob sees may not be an address Alice knows she has).
3513	Bob	3514	Bob checks that the address given in the @code{PING} is actually one
3514	checks that the address given in the PING is actually one of Bob's	3515	of Bob's addresses (ie: does not belong to Mallory), and if it is,
3515	addresses	3516	sends back a @code{PONG} (with a signature that says that Bob
3516	(does not belong to Mallory), and if it is, sends back a PONG (with a	3517	owns/uses the address from the @code{PING}).
3517	signature that says that Bob owns/uses the address from the PING). Alice	3518	Alice checks the signature and is happy if it is valid and the address
3518	checks the signature and is happy if it is valid and the address in the	3519	in the @code{PONG} is the address Alice used.
3519	PONG is the address Alice used.	3520	This is similar to the 0.8.x protocol where the @code{HELLO} contained a
3520	This is similar to the 0.8.x protocol where the HELLO contained a
3521	signature from Bob for each address used by Bob.	3521	signature from Bob for each address used by Bob.
3522	Here, the purpose code for the signature is	3522	Here, the purpose code for the signature is
3523	@code{GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN}. After this, Alice will	3523	@code{GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN}. After this, Alice will
@@ -3527,9 +3527,13 @@ considers Bob's address to be valid, the connection itself is not
3527	considered 'established'. In particular, Alice may have many addresses	3527	considered 'established'. In particular, Alice may have many addresses
3528	for Bob that Alice considers valid.	3528	for Bob that Alice considers valid.
3529		3529
3530	The PONG message is protected with a nonce/challenge against replay	3530	@c TODO: reference Footnotes so that I don't have to duplicate the
3531	attacks and uses an expiration time for the signature (but those are	3531	@c footnotes or add them to an index at the end. Is this possible at
3532	almost implementation details).	3532	@c all in Texinfo?
		3533	The @code{PONG} message is protected with a nonce/challenge against replay
		3534	attacks@footnote{@uref{http://en.wikipedia.org/wiki/Replay_attack, replay}}
		3535	and uses an expiration time for the signature (but those are almost
		3536	implementation details).
3533		3537
3534	@cindex NAT library	3538	@cindex NAT library
3535	@node NAT library	3539	@node NAT library
@@ -3624,8 +3628,14 @@ chain (or delivered to the current peer, if it has arrived at the
3624	destination).	3628	destination).
3625		3629
3626	Assume a three peer network with peers Alice, Bob and Carol. Assume that	3630	Assume a three peer network with peers Alice, Bob and Carol. Assume that
3627	Alice <-> Bob and Bob <-> Carol are direct (e.g. over TCP or UDP	3631
3628	transports) connections, but that Alice cannot directly connect to Carol.	3632	@example
		3633	Alice <-> Bob and Bob <-> Carol
		3634	@end example
		3635
		3636	@noindent
		3637	are direct (e.g. over TCP or UDP transports) connections, but that
		3638	Alice cannot directly connect to Carol.
3629	This may be the case due to NAT or firewall restrictions, or perhaps	3639	This may be the case due to NAT or firewall restrictions, or perhaps
3630	based on one of the peers respective configurations. If the Distance	3640	based on one of the peers respective configurations. If the Distance
3631	Vector transport is enabled on all three peers, it will automatically	3641	Vector transport is enabled on all three peers, it will automatically
@@ -3636,10 +3646,10 @@ Carol and notifies the DV transport about it. The DV transport at Alice
3636	looks up Carol in the routing table and finds that the message must be	3646	looks up Carol in the routing table and finds that the message must be
3637	sent through Bob for Carol. The message is encapsulated setting Alice as	3647	sent through Bob for Carol. The message is encapsulated setting Alice as
3638	the initiator and Carol as the destination and sent to Bob. Bob receives	3648	the initiator and Carol as the destination and sent to Bob. Bob receives
3639	the messages, verifies both Alice and Carol are known to Bob, and re-wraps	3649	the messages, verifies that both Alice and Carol are known to Bob, and
3640	the message in a new DV message for Carol. The DV transport at Carol	3650	re-wraps the message in a new DV message for Carol.
3641	receives this message, unwraps the original message, and delivers it to	3651	The DV transport at Carol receives this message, unwraps the original
3642	Carol as though it came directly from Alice.	3652	message, and delivers it to Carol as though it came directly from Alice.
3643		3653
3644	@cindex SMTP plugin	3654	@cindex SMTP plugin
3645	@node SMTP plugin	3655	@node SMTP plugin