diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-06-23 22:35:24 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-06-23 22:35:24 +0200 |
commit | 1003d78a66aa4ba5c1aad8c01dde79ae606044a3 (patch) | |
tree | 0b2c72dfa6fd271b2187cf154d18621fcbb5c340 | |
parent | 42feee19f42e56cb675b2dacc75c187a2bb7716a (diff) | |
download | lsd0004-1003d78a66aa4ba5c1aad8c01dde79ae606044a3.tar.gz lsd0004-1003d78a66aa4ba5c1aad8c01dde79ae606044a3.zip |
-rearrange; add block functions to hello
-rw-r--r-- | draft-schanzen-r5n.xml | 95 |
1 files changed, 60 insertions, 35 deletions
diff --git a/draft-schanzen-r5n.xml b/draft-schanzen-r5n.xml index e31d9fa..a5af834 100644 --- a/draft-schanzen-r5n.xml +++ b/draft-schanzen-r5n.xml | |||
@@ -1650,13 +1650,7 @@ BEGIN | |||
1650 | If <tt>FLAGS</tt> indicate a <tt>FindApproximate</tt> request, | 1650 | If <tt>FLAGS</tt> indicate a <tt>FindApproximate</tt> request, |
1651 | the peer <bcp14>SHOULD</bcp14> try to respond with the closest block it | 1651 | the peer <bcp14>SHOULD</bcp14> try to respond with the closest block it |
1652 | has that is not filtered by the | 1652 | has that is not filtered by the |
1653 | <tt>RESULT_BF</tt>. However, implementations also <bcp14>MUST</bcp14> | 1653 | <tt>RESULT_BF</tt>. |
1654 | <!-- FIXME MSC: I suggest NOT normatively defining such a consideration -> security consideration --> | ||
1655 | avoid an exhaustive search of their database, as there could be | ||
1656 | cases where too many local results are filtered by the result | ||
1657 | filter. To avoid denial of service attacks, implementations | ||
1658 | <bcp14>MUST</bcp14> thus ensure that the cost of evaluating any | ||
1659 | such query is reasonably small. | ||
1660 | </li> | 1654 | </li> |
1661 | <li> | 1655 | <li> |
1662 | Else, the peer <bcp14>MUST</bcp14> respond if it has a valid block | 1656 | Else, the peer <bcp14>MUST</bcp14> respond if it has a valid block |
@@ -2142,18 +2136,33 @@ gnunet+tcp://12.3.4.5/ \ | |||
2142 | </dl> | 2136 | </dl> |
2143 | </dd> | 2137 | </dd> |
2144 | </dl> | 2138 | </dl> |
2145 | <t> | 2139 | <t> |
2146 | To validate a block query for a HELLO is to simply check that the XQuery is empty. | 2140 | The HELLO block functions <bcp14>MUST</bcp14> be implemented |
2147 | </t> | 2141 | as follows: |
2148 | <t> | ||
2149 | To derive a block key for a HELLO is to simply | ||
2150 | hash the peer ID from the HELLO. | ||
2151 | </t> | ||
2152 | <t> | ||
2153 | To validate a block store request is to verify | ||
2154 | the EdDSA <tt>SIGNATURE</tt> over the hashed <tt>ADDRESSES</tt> | ||
2155 | against the public key from the peer ID field. | ||
2156 | </t> | 2142 | </t> |
2143 | <dl> | ||
2144 | <dt>ValidateBlockQuery(Key, XQuery) | ||
2145 | -> RequestEvaluationResult</dt> | ||
2146 | <dd> | ||
2147 | To validate a block query for a HELLO is to simply check that the XQuery is empty. If it is empty, REQUEST_VALID ist returned. Otherwise, REQUEST_INVALID. | ||
2148 | </dd> | ||
2149 | <dt>DeriveBlockKey(Block) -> Key | NONE</dt> | ||
2150 | <dd> | ||
2151 | To derive a block key for a HELLO is to simply | ||
2152 | hash the peer ID from the HELLO. The result of this function | ||
2153 | is always: FIXME what hash | ||
2154 | </dd> | ||
2155 | <dt>ValidateBlockStoreRequest(Block) | ||
2156 | -> BlockEvaluationResult</dt> | ||
2157 | <dd> | ||
2158 | To validate a block store request is to verify | ||
2159 | the EdDSA <tt>SIGNATURE</tt> over the hashed <tt>ADDRESSES</tt> | ||
2160 | against the public key from the peer ID field. | ||
2161 | If the signature is valid BLOCK_VALID is returned. | ||
2162 | Otherwise BLOCK_INVALID. | ||
2163 | </dd> | ||
2164 | <dt>SetupResultFilter(FilterSize, Mutator) -> RF</dt> | ||
2165 | <dd> | ||
2157 | <t> | 2166 | <t> |
2158 | The RESULT_FILTER for HELLO blocks is implemented using a | 2167 | The RESULT_FILTER for HELLO blocks is implemented using a |
2159 | Bloom filter. | 2168 | Bloom filter. |
@@ -2207,21 +2216,6 @@ gnunet+tcp://12.3.4.5/ \ | |||
2207 | match, subsequent requests are likely to not have the same | 2216 | match, subsequent requests are likely to not have the same |
2208 | false-positives. | 2217 | false-positives. |
2209 | </t> | 2218 | </t> |
2210 | |||
2211 | <t> | ||
2212 | To filter results of HELLO blocks using the Bloom filter, the | ||
2213 | <tt>H_ADDRS</tt> field (as computed using SHA-512 over | ||
2214 | the <tt>ADDRESSES</tt>) and XORed with the SHA-512 | ||
2215 | hash of the <tt>MUTATOR</tt> (in network byte order). | ||
2216 | The resulting value is then used when hashing into the | ||
2217 | Bloom filter as described in <xref target="bloom_filters" />. | ||
2218 | Consequently, HELLOs with completely identical sets of | ||
2219 | addresses will be filtered, but any small variation in the set of | ||
2220 | addresses will cause the block to no longer be | ||
2221 | filtered (with high probability). The | ||
2222 | function thus always returns either | ||
2223 | <tt>FILTER_MORE</tt> or <tt>FILTER_DUPLICATE</tt>. | ||
2224 | </t> | ||
2225 | <t> | 2219 | <t> |
2226 | HELLO result filters can be merged if the | 2220 | HELLO result filters can be merged if the |
2227 | Bloom filters have the same size and | 2221 | Bloom filters have the same size and |
@@ -2229,7 +2223,23 @@ gnunet+tcp://12.3.4.5/ \ | |||
2229 | set in either Bloom filter. This is done whenever | 2223 | set in either Bloom filter. This is done whenever |
2230 | a peer receives a query with the same <tt>MUTATOR</tt>, | 2224 | a peer receives a query with the same <tt>MUTATOR</tt>, |
2231 | predecessor and Bloom filter size. | 2225 | predecessor and Bloom filter size. |
2232 | </t> | 2226 | </t> |
2227 | </dd> | ||
2228 | <dt>FilterResult(Block, Key, RF, XQuery) -> (FilterEvaluationResult, RF')</dt> | ||
2229 | <dd> | ||
2230 | To filter results of HELLO blocks using the Bloom filter, the | ||
2231 | <tt>H_ADDRS</tt> field (as computed using SHA-512 over | ||
2232 | the <tt>ADDRESSES</tt>) and XORed with the SHA-512 | ||
2233 | hash of the <tt>MUTATOR</tt> (in network byte order). | ||
2234 | The resulting value is then used when hashing into the | ||
2235 | Bloom filter as described in <xref target="bloom_filters" />. | ||
2236 | Consequently, HELLOs with completely identical sets of | ||
2237 | addresses will be filtered and FILTER_DUPLICATE is returned. | ||
2238 | Any small variation in the set of addresses will cause the block | ||
2239 | to no longer be filtered (with high probability) and | ||
2240 | FILTER_MORE is returned. | ||
2241 | </dd> | ||
2242 | </dl> | ||
2233 | </section> | 2243 | </section> |
2234 | <section> | 2244 | <section> |
2235 | <name>Persistence</name> | 2245 | <name>Persistence</name> |
@@ -2348,7 +2358,22 @@ gnunet+tcp://12.3.4.5/ \ | |||
2348 | <tt>REPL_LVL</tt> to a maximum of 16. This imposes | 2358 | <tt>REPL_LVL</tt> to a maximum of 16. This imposes |
2349 | an upper limit on bandwidth amplification an attacker | 2359 | an upper limit on bandwidth amplification an attacker |
2350 | may achieve for a given network size and topology. | 2360 | may achieve for a given network size and topology. |
2351 | </t> | 2361 | </t> |
2362 | <section> | ||
2363 | <name>Approximate Result Filtering</name> | ||
2364 | <t> | ||
2365 | When a FindApproximate request is encountered, a peer will try to | ||
2366 | respond with the closest block it has that is not filtered by the | ||
2367 | result bloom filter. | ||
2368 | Implementations <bcp14>MUST</bcp14> ensure that | ||
2369 | the cost of evaluating any such query is reasonably small. | ||
2370 | For example, implementations <bcp14>MAY</bcp14> consider to | ||
2371 | avoid an exhaustive search of their database. | ||
2372 | Not doing so can lead to denial of service attacks as there | ||
2373 | could be cases where too many local results are | ||
2374 | filtered by the result filter. | ||
2375 | </t> | ||
2376 | </section> | ||
2352 | </section> | 2377 | </section> |
2353 | <section anchor="iana" numbered="true" toc="default"> | 2378 | <section anchor="iana" numbered="true" toc="default"> |
2354 | <name>IANA Considerations</name> | 2379 | <name>IANA Considerations</name> |