I2P Address: [http://git.idk.i2p]

Commit 9cd8cc69 authored by jrandom, committed by zzz

added replay prevention blurb, minor cleanup

parent ebac4df2
<code>$Id: udp.html,v 1.2 2005/03/26 00:56:06 jrandom Exp $</code> <code>$Id: udp.html,v 1.3 2005/03/26 01:23:57 jrandom Exp $</code>
<h1>Secure Semireliable UDP (SSU)</h1> <h1>Secure Semireliable UDP (SSU)</h1>
<b>DRAFT</b> <b>DRAFT</b>
<p> <p>
The goal of this protocol is to provide secure and authenticated The goal of this protocol is to provide secure, authenticated
semireliable, unordered message delivery, exposing only a minimal semireliable, and unordered message delivery, exposing only a minimal
amount of data easily discernible to third parties. It should amount of data easily discernible to third parties. It should
support high degree communication as well as TCP-friendly congestion support high degree communication as well as TCP-friendly congestion
control, and may include PMTU detection. It should be capable of control, and may include PMTU detection. It should be capable of
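Review bot: the reworded goal sentence still lacks a comma after "authenticated", so "secure, authenticated semireliable, and unordered" reads as if "authenticated" modifies "semireliable". Suggest "secure, authenticated, semireliable, and unordered message delivery" so the four properties are listed as separate items.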
...@@ -15,7 +15,7 @@ obstacles, like most NATs or firewalls.</p> ...@@ -15,7 +15,7 @@ obstacles, like most NATs or firewalls.</p>
<h2><a name="addressing">Addressing and introduction</a></h2> <h2><a name="addressing">Addressing and introduction</a></h2>
<p>To contact an ESU peer, one of two sets of information is necessary: <p>To contact an SSU peer, one of two sets of information is necessary:
a direct address, for when the peer is publicly reachable, or an a direct address, for when the peer is publicly reachable, or an
indirect address, for using a third party to introduce the peer. indirect address, for using a third party to introduce the peer.
There is no restriction on the number of addresses a peer may have.</p> There is no restriction on the number of addresses a peer may have.</p>
...@@ -424,6 +424,19 @@ MODP group (#14) is used:</p> ...@@ -424,6 +424,19 @@ MODP group (#14) is used:</p>
<p>The DSA p, q, and g are shared according to the scope of the <p>The DSA p, q, and g are shared according to the scope of the
identity which created them.</p> identity which created them.</p>
<h2><a name="replay">Replay prevention</a></h2>
<p>Replay prevention at the SSU layer occurs by rejecting packets
with exceedingly old timestamps or those which reuse an IV. To
detect duplicate IVs, a sequence of Bloom filters are employed to
"decay" periodically so that only recently added IVs are detected.</p>
<p>The messageIds used in DataMessages are defined at layers above
the SSU transport and are passed through transparently. These IDs
are not in any particular order - in fact, they are likely to be
entirely random. The SSU layer makes no attempt at messageId
replay prevention - higher layers should take that into account.</p>
<h2><a name="messageSequences">Message sequences</a></h2> <h2><a name="messageSequences">Message sequences</a></h2>
<h3><a name="establishDirect">Connection establishment (direct)</a></h3> <h3><a name="establishDirect">Connection establishment (direct)</a></h3>
......