GNUnet 0.22.1
DvInitPS Struct Reference

Content signed by the initiator during DV learning. More...

Collaboration diagram for DvInitPS:
[legend]

Data Fields

struct GNUNET_CRYPTO_EccSignaturePurpose purpose
 Purpose is GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR. More...
 
struct GNUNET_TIME_AbsoluteNBO monotonic_time
 Time at the initiator when generating the signature. More...
 
struct GNUNET_CRYPTO_ChallengeNonceP challenge
 Challenge value used by the initiator to re-identify the path. More...
 

Detailed Description

Content signed by the initiator during DV learning.

The signature is required to prevent DDoS attacks. A peer sending out this message is potentially generating a lot of traffic that will go back to the initiator, as peers receiving this message will try to let the initiator know that they got the message.

Without this signature, an attacker could abuse this mechanism for traffic amplification, sending a lot of traffic to a peer by putting out this type of message with the victim's peer identity.

Even with just a signature, traffic amplification would be possible via replay attacks. The monotonic_time limits such replay attacks, as every potential amplificator will check the monotonic_time and only respond (at most) once per message.

Definition at line 578 of file gnunet-service-transport.c.

Field Documentation

◆ purpose

◆ monotonic_time

struct GNUNET_TIME_AbsoluteNBO DvInitPS::monotonic_time

Time at the initiator when generating the signature.

Note that the receiver MUST IGNORE the absolute time, and only interpret the value as a mononic time and reject "older" values than the last one observed. This is necessary as we do not want to require synchronized clocks and may not have a bidirectional communication channel.

Even with this, there is no real guarantee against replay achieved here, unless the latest timestamp is persisted. Persistence should be provided via PEERSTORE if possible.

Definition at line 597 of file gnunet-service-transport.c.

◆ challenge

struct GNUNET_CRYPTO_ChallengeNonceP DvInitPS::challenge

Challenge value used by the initiator to re-identify the path.

Definition at line 602 of file gnunet-service-transport.c.

Referenced by validate_dv_initiator_signature().


The documentation for this struct was generated from the following file: