diff options
Diffstat (limited to 'draft-summermatter-set-union.xml')
| -rw-r--r-- | draft-summermatter-set-union.xml | 74 |
1 files changed, 45 insertions, 29 deletions
diff --git a/draft-summermatter-set-union.xml b/draft-summermatter-set-union.xml index 0467499..c2e154a 100644 --- a/draft-summermatter-set-union.xml +++ b/draft-summermatter-set-union.xml | |||
| @@ -1168,7 +1168,8 @@ hashSum | 0x0101 | 0x5151 | 0x5050 | 0x0000 | | |||
| 1168 | The first case is when one of the peers announces having an empty set. This is announced by setting | 1168 | The first case is when one of the peers announces having an empty set. This is announced by setting |
| 1169 | the SETSIZE field in the <em><xref target="messages_se" format="title" /></em> to 0. | 1169 | the SETSIZE field in the <em><xref target="messages_se" format="title" /></em> to 0. |
| 1170 | <!-- FIXME: why not also do this if sending the elements is about as | 1170 | <!-- FIXME: why not also do this if sending the elements is about as |
| 1171 | expensive as sending the SE? Should be a simple calculation. (thesis summermatter: future work) --> | 1171 | expensive as sending the SE? Should be a simple calculation. (thesis summermatter: future work) @Christian: |
| 1172 | As discussed 14.06 we let this comment in here as it is described in the thesis--> | ||
| 1172 | The second case is if the application requests full synchronisation explicitly. | 1173 | The second case is if the application requests full synchronisation explicitly. |
| 1173 | This is useful for testing and MUST NOT be used in production. | 1174 | This is useful for testing and MUST NOT be used in production. |
| 1174 | </t> | 1175 | </t> |
| @@ -2489,7 +2490,7 @@ FUNCTION END | |||
| 2489 | is to be applied after the SE calculation to | 2490 | is to be applied after the SE calculation to |
| 2490 | the computed set size differences, resulting | 2491 | the computed set size differences, resulting |
| 2491 | in a hard cap on the set size difference estimate | 2492 | in a hard cap on the set size difference estimate |
| 2492 | that is then actually used. --> | 2493 | that is then actually used. @Christian: ???--> |
| 2493 | </t> | 2494 | </t> |
| 2494 | </section> | 2495 | </section> |
| 2495 | 2496 | ||
| @@ -2851,7 +2852,8 @@ END FUNCTION | |||
| 2851 | send at the beginning of the operation. | 2852 | send at the beginning of the operation. |
| 2852 | <!-- FIXME: I don't see how the next sentence makes sense. If we got a FULL_DONE, | 2853 | <!-- FIXME: I don't see how the next sentence makes sense. If we got a FULL_DONE, |
| 2853 | and we still have differing sets, something is broken and re-doing it hardly | 2854 | and we still have differing sets, something is broken and re-doing it hardly |
| 2854 | makes sense, right? --> | 2855 | makes sense, right? @Christian im not sure about that it could be that for example |
| 2856 | the set size changes (from application or other sync) while synchronisation is in progress....--> | ||
| 2855 | If the sets differ, a resynchronisation is required. The number of possible | 2857 | If the sets differ, a resynchronisation is required. The number of possible |
| 2856 | resynchronisation MUST be limited, to prevent resource exhaustion attacks. | 2858 | resynchronisation MUST be limited, to prevent resource exhaustion attacks. |
| 2857 | </t> | 2859 | </t> |
| @@ -2872,10 +2874,22 @@ END FUNCTION | |||
| 2872 | exceeded, or if the size is implausible for the given operation. | 2874 | exceeded, or if the size is implausible for the given operation. |
| 2873 | </t> | 2875 | </t> |
| 2874 | </dd> | 2876 | </dd> |
| 2877 | <dt><xref target="messages_ibf_last" format="title" /></dt> | ||
| 2878 | <dd> | ||
| 2879 | <t> | ||
| 2880 | When all <em><xref target="messages_ibf" format="title" /></em> messages have | ||
| 2881 | been received an <em><xref target="messages_ibf_last" format="title" /></em> message | ||
| 2882 | should conclude the transmission of the IBF and a change to the <strong>Active Decoding</strong> | ||
| 2883 | phase should be ensured. | ||
| 2884 | </t> | ||
| 2885 | </dd> | ||
| 2875 | <!-- FIXME: we can also receive an IBF_LAST in this state, | 2886 | <!-- FIXME: we can also receive an IBF_LAST in this state, |
| 2876 | here additional sanity checks, like that we have received | 2887 | here additional sanity checks, like that we have received |
| 2877 | all of the other fragments/parts of the IBF first and | 2888 | all of the other fragments/parts of the IBF first and |
| 2878 | that the parameters are thus consistent apply. --> | 2889 | that the parameters are thus consistent apply. @Christian So we would have |
| 2890 | to transmit the number of IBF slices that will be transmitted first | ||
| 2891 | to do this check right? | ||
| 2892 | --> | ||
| 2879 | </dl> | 2893 | </dl> |
| 2880 | </section> | 2894 | </section> |
| 2881 | 2895 | ||
| @@ -2888,10 +2902,12 @@ END FUNCTION | |||
| 2888 | To prevent an endless loop in decoding, loop detection MUST be implemented. | 2902 | To prevent an endless loop in decoding, loop detection MUST be implemented. |
| 2889 | The simplest solution is to prevent decoding of more than a given number of elements. | 2903 | The simplest solution is to prevent decoding of more than a given number of elements. |
| 2890 | <!-- FIXME: this description is awkward. Needs to be discussed. | 2904 | <!-- FIXME: this description is awkward. Needs to be discussed. |
| 2891 | I think you also do not mean 'hashes' but 'element IDs'. --> | 2905 | I think you also do not mean 'hashes' but 'element IDs'. @Christian just omit the details |
| 2906 | i guess anybody can freely decide how to handle loops its just important that e protection is | ||
| 2907 | in place. Right?--> | ||
| 2892 | A more robust solution is to implement a algorithm that detects a loop by | 2908 | A more robust solution is to implement a algorithm that detects a loop by |
| 2893 | analyzing past partially decoded IBFs. This can be achieved | 2909 | analyzing past partially decoded IBFs. This can be achieved |
| 2894 | by saving the hash of all prior partly decoded IBFs hashes in a hashmap and check | 2910 | by saving the element IDs of all prior partly decoded IBFs hashes in a hashmap and check |
| 2895 | for every inserted hash, if it is already in the hashmap. | 2911 | for every inserted hash, if it is already in the hashmap. |
| 2896 | </t> | 2912 | </t> |
| 2897 | <t> | 2913 | <t> |
| @@ -2899,12 +2915,14 @@ END FUNCTION | |||
| 2899 | operation MUST be terminated.Furthermore, if the IBF | 2915 | operation MUST be terminated.Furthermore, if the IBF |
| 2900 | decoding successfully terminates and fewer elements were | 2916 | decoding successfully terminates and fewer elements were |
| 2901 | decoded than plausible, the operation MUST also be terminated. | 2917 | decoded than plausible, the operation MUST also be terminated. |
| 2902 | The upper and lower thresholds | 2918 | The upper thresholds for decoded elements from the IBF is the |
| 2903 | for the number of decoded elements can be calculated with the peers set sizes | 2919 | remote set size the other peer has committed too (Case if the complete remote set is |
| 2904 | and the other peer's committed set sizes from the <strong>Expecting IBF</strong> | 2920 | new). The lower threshold for decoding element is the absolute value of the difference |
| 2905 | state. | 2921 | between the local and remote set size (Case the set difference is only in the set of |
| 2922 | a single peer). The other peer's committed set sizes | ||
| 2923 | is transmitted in the the <strong>Expecting IBF</strong> state. | ||
| 2906 | <!-- FIXME: be more precise about how to calculate those | 2924 | <!-- FIXME: be more precise about how to calculate those |
| 2907 | bounds from those inputs. --> | 2925 | bounds from those inputs. @Christan better? --> |
| 2908 | </t> | 2926 | </t> |
| 2909 | 2927 | ||
| 2910 | <t>Security considerations for received messages:</t> | 2928 | <t>Security considerations for received messages:</t> |
| @@ -2948,15 +2966,15 @@ END FUNCTION | |||
| 2948 | <t> | 2966 | <t> |
| 2949 | The <em><xref target="messages_done" format="title" /></em> message is only received if the IBF has finished | 2967 | The <em><xref target="messages_done" format="title" /></em> message is only received if the IBF has finished |
| 2950 | decoding and all offers have been sent. If the <em><xref target="messages_done" format="title" /></em> message is received before | 2968 | decoding and all offers have been sent. If the <em><xref target="messages_done" format="title" /></em> message is received before |
| 2951 | the decoding of the IBF is finished or all open offers and demands | 2969 | the decoding of the IBF is finished or all open demands |
| 2952 | have been answered, the operation MUST be terminated. | 2970 | have been answered, the operation MUST be terminated. |
| 2953 | <!-- FIXME: it is legitimate to not respond to an offer, right? Otherwise | 2971 | <!-- FIXME: it is legitimate to not respond to an offer, right? Otherwise |
| 2954 | we would not need demands; hence, the above should only be | 2972 | we would not need demands; hence, the above should only be |
| 2955 | for 'open demands', right? --> | 2973 | for 'open demands', right? @Christian your right corrected this one--> |
| 2956 | If | 2974 | If |
| 2957 | the sets differ, a resynchronisation is required. The number of possible | 2975 | the sets differ, a resynchronisation is required. The number of possible |
| 2958 | resynchronisation MUST be limited to prevent resource exhaustion attacks. | 2976 | resynchronisation MUST be limited to prevent resource exhaustion attacks. |
| 2959 | <!-- FIXME: again, how can this happen? Why should we really allow this? --> | 2977 | <!-- FIXME: again, how can this happen? Why should we really allow this? @Christian same point above if set changes while we synchronize--> |
| 2960 | </t> | 2978 | </t> |
| 2961 | <t> | 2979 | <t> |
| 2962 | When a <em><xref target="messages_done" format="title" /></em> message is received the | 2980 | When a <em><xref target="messages_done" format="title" /></em> message is received the |
| @@ -3004,14 +3022,6 @@ END FUNCTION | |||
| 3004 | The set difference calculated from the strata estimator needs to be plausible, | 3022 | The set difference calculated from the strata estimator needs to be plausible, |
| 3005 | which means within the byzantine boundaries described in section <xref target="security_generic_functions_check_byzantine_boundaries" format="title" />. | 3023 | which means within the byzantine boundaries described in section <xref target="security_generic_functions_check_byzantine_boundaries" format="title" />. |
| 3006 | </t> | 3024 | </t> |
| 3007 | <t> | ||
| 3008 | <!-- FIXME: I do not think this kind of consideration | ||
| 3009 | belongs into an RFC... Besides, you can have memory | ||
| 3010 | corruption at most steps of the algorithm if the code is sufficiently | ||
| 3011 | careless... --> | ||
| 3012 | In case of compressed strata estimators the unpacking algorithm needs to | ||
| 3013 | be protected against unpacking memory corruption (memory overflow). | ||
| 3014 | </t> | ||
| 3015 | </dd> | 3025 | </dd> |
| 3016 | </dl> | 3026 | </dl> |
| 3017 | </section> | 3027 | </section> |
| @@ -3036,10 +3046,10 @@ END FUNCTION | |||
| 3036 | elements received matches the number that the remote peer | 3046 | elements received matches the number that the remote peer |
| 3037 | originally committed to transmitting, | 3047 | originally committed to transmitting, |
| 3038 | otherwise the operation MUST be terminated. | 3048 | otherwise the operation MUST be terminated. |
| 3039 | <!-- FIXME: this is redundant, already covered by the new state, right? --> | 3049 | <!-- FIXME: this is redundant, already covered by the new state, right? @Christian: ??? State--> |
| 3040 | After receiving the | 3050 | After receiving the |
| 3041 | <em><xref target="messages_full_done" format="title" /></em> message, future elements MUST NOT be accepted. | 3051 | <em><xref target="messages_full_done" format="title" /></em> message, future elements MUST NOT be accepted. |
| 3042 | <!-- FIXME: again, how can this happen? Why should we really allow this? --> | 3052 | <!-- FIXME: again, how can this happen? Why should we really allow this? @Christian Again set changes while sync ;-) --> |
| 3043 | If | 3053 | If |
| 3044 | the sets differ, a resynchronisation is required. The number of possible | 3054 | the sets differ, a resynchronisation is required. The number of possible |
| 3045 | resynchronisation MUST be limited to prevent resource exhaustion attacks. | 3055 | resynchronisation MUST be limited to prevent resource exhaustion attacks. |
| @@ -3061,10 +3071,8 @@ END FUNCTION | |||
| 3061 | then the swap will no longer just add 0.5 RTT! I think | 3071 | then the swap will no longer just add 0.5 RTT! I think |
| 3062 | we MUST instead permit that an IBF decodes to an element | 3072 | we MUST instead permit that an IBF decodes to an element |
| 3063 | that was offered/demanded (only in the previous iteration?) and then | 3073 | that was offered/demanded (only in the previous iteration?) and then |
| 3064 | simply SKIP that element ID! --> | 3074 | simply SKIP that element ID! @Christian oh i missed this one. Yes, your right we dont do this! |
| 3065 | In this moment the peer MUST | 3075 | --> |
| 3066 | wait for all open offers and demands to be fulfilled, to prevent | ||
| 3067 | retransmission before switching into active decoding operation mode. | ||
| 3068 | A switch into active decoding mode MUST only be permitted for | 3076 | A switch into active decoding mode MUST only be permitted for |
| 3069 | a predefined number of times as described in <xref target="security_generic_functions_active_passive_switches" format="default"/> | 3077 | a predefined number of times as described in <xref target="security_generic_functions_active_passive_switches" format="default"/> |
| 3070 | </t> | 3078 | </t> |
| @@ -3074,9 +3082,17 @@ END FUNCTION | |||
| 3074 | <t> | 3082 | <t> |
| 3075 | A check needs to be in place that prevents receiving an inquiry | 3083 | A check needs to be in place that prevents receiving an inquiry |
| 3076 | for an element multiple times or more inquiries than are plausible. | 3084 | for an element multiple times or more inquiries than are plausible. |
| 3085 | The upper thresholds for sent/received inquiries is the | ||
| 3086 | remote set size the other peer has committed too (Case if the complete remote set is | ||
| 3087 | new). The lower threshold for for sent/received inquiries is the absolute value of the | ||
| 3088 | set difference between the local and remote set size | ||
| 3089 | (Case the set difference is only in the set of a single peer). | ||
| 3090 | The other peer's committed set sizes is transmitted in the the <strong>Expecting IBF</strong> state. | ||
| 3091 | Beware that it is possible to get key collisions and an inquiry for the same key | ||
| 3092 | can be transmitted multiple times, so the threshold should take this into account. | ||
| 3077 | <!-- FIXME: how again does one determine how many inquiries are plausible? | 3093 | <!-- FIXME: how again does one determine how many inquiries are plausible? |
| 3078 | Be precise! I can see several options (overall set sizes, but also | 3094 | Be precise! I can see several options (overall set sizes, but also |
| 3079 | SE, or even IBF size). --> | 3095 | SE, or even IBF size). @Christian I Added check parameter--> |
| 3080 | The sending and receiving of <em><xref target="messages_inquiry" format="title" /></em> messages should | 3096 | The sending and receiving of <em><xref target="messages_inquiry" format="title" /></em> messages should |
| 3081 | always be protected with an <xref target="security_generic_functions_mfc" format="title" /> | 3097 | always be protected with an <xref target="security_generic_functions_mfc" format="title" /> |
| 3082 | to secure the protocol against missing, duplicated, out-of-order or unexpected messages. | 3098 | to secure the protocol against missing, duplicated, out-of-order or unexpected messages. |