diff options
author | ng0 <ng0@infotropique.org> | 2017-11-09 10:52:04 +0000 |
---|---|---|
committer | ng0 <ng0@infotropique.org> | 2017-11-09 10:52:04 +0000 |
commit | 85ff483a757bad4a30ef02a9f0069ef21f54c625 (patch) | |
tree | 0ce3823a78f9f05fbb839a2e53e76c904afbaed2 /doc | |
parent | 64793d52bd30df2f1534680b98835a60f267a332 (diff) | |
download | gnunet-85ff483a757bad4a30ef02a9f0069ef21f54c625.tar.gz gnunet-85ff483a757bad4a30ef02a9f0069ef21f54c625.zip |
Alice Bob fixes
Diffstat (limited to 'doc')
-rw-r--r-- | doc/documentation/chapters/developer.texi | 72 |
1 files changed, 41 insertions, 31 deletions
diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi index a2032f479..70fd7c7eb 100644 --- a/doc/documentation/chapters/developer.texi +++ b/doc/documentation/chapters/developer.texi | |||
@@ -3488,36 +3488,36 @@ transport level. Such an attack would not allow the adversary to decrypt | |||
3488 | the P2P transmissions, but a successful attacker could at least measure | 3488 | the P2P transmissions, but a successful attacker could at least measure |
3489 | traffic volumes and latencies (raising the adversaries capablities by | 3489 | traffic volumes and latencies (raising the adversaries capablities by |
3490 | those of a global passive adversary in the worst case). The scenarios we | 3490 | those of a global passive adversary in the worst case). The scenarios we |
3491 | are concerned about is an attacker, Mallory, giving a HELLO to Alice that | 3491 | are concerned about is an attacker, Mallory, giving a @code{HELLO} to |
3492 | claims to be for Bob, but contains Mallory's IP address instead of Bobs | 3492 | Alice that claims to be for Bob, but contains Mallory's IP address |
3493 | (for some transport). Mallory would then forward the traffic to Bob (by | 3493 | instead of Bobs (for some transport). |
3494 | initiating a connection to Bob and claiming to be Alice). As a further | 3494 | Mallory would then forward the traffic to Bob (by initiating a |
3495 | connection to Bob and claiming to be Alice). As a further | ||
3495 | complication, the scheme has to work even if say Alice is behind a NAT | 3496 | complication, the scheme has to work even if say Alice is behind a NAT |
3496 | without traversal support and hence has no address of their own (and thus | 3497 | without traversal support and hence has no address of her own (and thus |
3497 | Alice must always initiate the connection to Bob). | 3498 | Alice must always initiate the connection to Bob). |
3498 | 3499 | ||
3499 | An additional constraint is that HELLO messages do not contain a | 3500 | An additional constraint is that @code{HELLO} messages do not contain a |
3500 | cryptographic signature since other peers must be able to edit | 3501 | cryptographic signature since other peers must be able to edit |
3501 | (i.e. remove) addresses from the HELLO at any time (this was not true in | 3502 | (i.e. remove) addresses from the @code{HELLO} at any time (this was |
3502 | GNUnet 0.8.x). A basic @strong{assumption} is that each peer knows the | 3503 | not true in GNUnet 0.8.x). A basic @strong{assumption} is that each peer |
3503 | set of possible network addresses that it @strong{might} be reachable | 3504 | knows the set of possible network addresses that it @strong{might} |
3504 | under (so for example, the external IP address of the NAT plus the LAN | 3505 | be reachable under (so for example, the external IP address of the |
3505 | address(es) with the respective ports). | 3506 | NAT plus the LAN address(es) with the respective ports). |
3506 | 3507 | ||
3507 | The solution is the following. If Alice wants to validate that a given | 3508 | The solution is the following. If Alice wants to validate that a given |
3508 | address for Bob is valid (i.e. is actually established @strong{directly} | 3509 | address for Bob is valid (i.e. is actually established @strong{directly} |
3509 | with the intended target), it sends a PING message over that connection | 3510 | with the intended target), she sends a PING message over that connection |
3510 | to Bob. Note that in this case, Alice initiated the connection so only | 3511 | to Bob. Note that in this case, Alice initiated the connection so only |
3511 | Alice knows which address was used for sure (Alice maybe behind NAT, so | 3512 | Alice knows which address was used for sure (Alice may be behind NAT, so |
3512 | whatever address Bob sees may not be an address Alice knows they have). | 3513 | whatever address Bob sees may not be an address Alice knows she has). |
3513 | Bob | 3514 | Bob checks that the address given in the @code{PING} is actually one |
3514 | checks that the address given in the PING is actually one of Bob's | 3515 | of Bob's addresses (ie: does not belong to Mallory), and if it is, |
3515 | addresses | 3516 | sends back a @code{PONG} (with a signature that says that Bob |
3516 | (does not belong to Mallory), and if it is, sends back a PONG (with a | 3517 | owns/uses the address from the @code{PING}). |
3517 | signature that says that Bob owns/uses the address from the PING). Alice | 3518 | Alice checks the signature and is happy if it is valid and the address |
3518 | checks the signature and is happy if it is valid and the address in the | 3519 | in the @code{PONG} is the address Alice used. |
3519 | PONG is the address Alice used. | 3520 | This is similar to the 0.8.x protocol where the @code{HELLO} contained a |
3520 | This is similar to the 0.8.x protocol where the HELLO contained a | ||
3521 | signature from Bob for each address used by Bob. | 3521 | signature from Bob for each address used by Bob. |
3522 | Here, the purpose code for the signature is | 3522 | Here, the purpose code for the signature is |
3523 | @code{GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN}. After this, Alice will | 3523 | @code{GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN}. After this, Alice will |
@@ -3527,9 +3527,13 @@ considers Bob's address to be valid, the connection itself is not | |||
3527 | considered 'established'. In particular, Alice may have many addresses | 3527 | considered 'established'. In particular, Alice may have many addresses |
3528 | for Bob that Alice considers valid. | 3528 | for Bob that Alice considers valid. |
3529 | 3529 | ||
3530 | The PONG message is protected with a nonce/challenge against replay | 3530 | @c TODO: reference Footnotes so that I don't have to duplicate the |
3531 | attacks and uses an expiration time for the signature (but those are | 3531 | @c footnotes or add them to an index at the end. Is this possible at |
3532 | almost implementation details). | 3532 | @c all in Texinfo? |
3533 | The @code{PONG} message is protected with a nonce/challenge against replay | ||
3534 | attacks@footnote{@uref{http://en.wikipedia.org/wiki/Replay_attack, replay}} | ||
3535 | and uses an expiration time for the signature (but those are almost | ||
3536 | implementation details). | ||
3533 | 3537 | ||
3534 | @cindex NAT library | 3538 | @cindex NAT library |
3535 | @node NAT library | 3539 | @node NAT library |
@@ -3624,8 +3628,14 @@ chain (or delivered to the current peer, if it has arrived at the | |||
3624 | destination). | 3628 | destination). |
3625 | 3629 | ||
3626 | Assume a three peer network with peers Alice, Bob and Carol. Assume that | 3630 | Assume a three peer network with peers Alice, Bob and Carol. Assume that |
3627 | Alice <-> Bob and Bob <-> Carol are direct (e.g. over TCP or UDP | 3631 | |
3628 | transports) connections, but that Alice cannot directly connect to Carol. | 3632 | @example |
3633 | Alice <-> Bob and Bob <-> Carol | ||
3634 | @end example | ||
3635 | |||
3636 | @noindent | ||
3637 | are direct (e.g. over TCP or UDP transports) connections, but that | ||
3638 | Alice cannot directly connect to Carol. | ||
3629 | This may be the case due to NAT or firewall restrictions, or perhaps | 3639 | This may be the case due to NAT or firewall restrictions, or perhaps |
3630 | based on one of the peers respective configurations. If the Distance | 3640 | based on one of the peers respective configurations. If the Distance |
3631 | Vector transport is enabled on all three peers, it will automatically | 3641 | Vector transport is enabled on all three peers, it will automatically |
@@ -3636,10 +3646,10 @@ Carol and notifies the DV transport about it. The DV transport at Alice | |||
3636 | looks up Carol in the routing table and finds that the message must be | 3646 | looks up Carol in the routing table and finds that the message must be |
3637 | sent through Bob for Carol. The message is encapsulated setting Alice as | 3647 | sent through Bob for Carol. The message is encapsulated setting Alice as |
3638 | the initiator and Carol as the destination and sent to Bob. Bob receives | 3648 | the initiator and Carol as the destination and sent to Bob. Bob receives |
3639 | the messages, verifies both Alice and Carol are known to Bob, and re-wraps | 3649 | the messages, verifies that both Alice and Carol are known to Bob, and |
3640 | the message in a new DV message for Carol. The DV transport at Carol | 3650 | re-wraps the message in a new DV message for Carol. |
3641 | receives this message, unwraps the original message, and delivers it to | 3651 | The DV transport at Carol receives this message, unwraps the original |
3642 | Carol as though it came directly from Alice. | 3652 | message, and delivers it to Carol as though it came directly from Alice. |
3643 | 3653 | ||
3644 | @cindex SMTP plugin | 3654 | @cindex SMTP plugin |
3645 | @node SMTP plugin | 3655 | @node SMTP plugin |