Content signed by the initiator during DV learning.
Data Fields

| Type | Field | Description |
|---|---|---|
| struct GNUNET_CRYPTO_EccSignaturePurpose | purpose | Purpose is GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR. |
| struct GNUNET_TIME_AbsoluteNBO | monotonic_time | Time at the initiator when generating the signature. |
| struct GNUNET_CRYPTO_ChallengeNonceP | challenge | Challenge value used by the initiator to re-identify the path. |
Content signed by the initiator during DV learning.
The signature is required to prevent DDoS attacks. A peer sending out this message potentially generates a lot of traffic that flows back to the initiator, because every peer receiving the message will try to let the initiator know that it got the message.
Without this signature, an attacker could abuse the mechanism for traffic amplification: by putting out this type of message with the victim's peer identity, the attacker would direct a lot of traffic at the victim.
Even with a signature, traffic amplification would still be possible via replay attacks. The monotonic_time limits such replays, as every potential amplifier checks the monotonic_time and responds (at most) once per message.
Definition at line 578 of file gnunet-service-transport.c.
struct GNUNET_CRYPTO_EccSignaturePurpose DvInitPS::purpose
Purpose is GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR.
Definition at line 583 of file gnunet-service-transport.c.
Referenced by start_dv_learn(), and validate_dv_initiator_signature().
struct GNUNET_TIME_AbsoluteNBO DvInitPS::monotonic_time
Time at the initiator when generating the signature.
Note that the receiver MUST IGNORE the absolute time and only interpret the value as a monotonic counter, rejecting values "older" than (or equal to) the last one observed from that initiator. This is necessary because we do not want to require synchronized clocks and may not have a bidirectional communication channel.
Even with this, there is no real guarantee against replay achieved here, unless the latest timestamp is persisted. Persistence should be provided via PEERSTORE if possible.
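The receiver-side logic that the description above and the monotonic_time note spell out, as an added example that is not GNUnet code: it models DvInitPS with host-order fields under hypothetical names (dv_init_ps, dv_check_init, DV_PURPOSE_INITIATOR is a placeholder for the real purpose tag), assumes the caller has already verified the initiator's signature (in the real service that happens in validate_dv_initiator_signature()) and passes the result in as sig_valid, and keeps the newest accepted timestamp per initiator in a small in-memory table so that a given message can be accepted at most once. Sample identities and timestamps are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed, simplified model of the DvInitPS replay check.
 * Hypothetical names; not the GNUnet implementation. */

#define DV_PURPOSE_INITIATOR 0x2A   /* placeholder for the real purpose tag */
#define DV_MAX_PEERS 16

struct dv_init_ps {
  uint32_t purpose;         /* must equal DV_PURPOSE_INITIATOR */
  uint64_t monotonic_time;  /* initiator's clock; used for ordering only */
  uint8_t  challenge[32];   /* nonce the initiator uses to re-identify the path */
};

/* Newest monotonic_time accepted from each initiator. In-memory only:
 * lost on restart, which is why the page suggests persisting it (PEERSTORE). */
struct dv_peer_state {
  uint8_t  peer_id[32];
  uint64_t last_monotonic;  /* 0 = nothing accepted yet */
  int      in_use;
};

static struct dv_peer_state dv_table[DV_MAX_PEERS];

void dv_reset_state(void) { memset(dv_table, 0, sizeof dv_table); }

/* Returns the state record for peer_id, allocating one if needed; NULL if full. */
static struct dv_peer_state *dv_find_or_add(const uint8_t peer_id[32])
{
  struct dv_peer_state *free_slot = NULL;
  for (int i = 0; i < DV_MAX_PEERS; i++) {
    if (dv_table[i].in_use) {
      if (memcmp(dv_table[i].peer_id, peer_id, 32) == 0) return &dv_table[i];
    } else if (free_slot == NULL) {
      free_slot = &dv_table[i];
    }
  }
  if (free_slot == NULL) return NULL;
  memcpy(free_slot->peer_id, peer_id, 32);
  free_slot->last_monotonic = 0;
  free_slot->in_use = 1;
  return free_slot;
}

enum dv_verdict {
  DV_ACCEPT, DV_REJECT_PURPOSE, DV_REJECT_SIGNATURE, DV_REJECT_REPLAY, DV_REJECT_FULL
};

/* sig_valid is the outcome of verifying the initiator's signature over *ps
 * (done by the caller). Accepts at most once per (initiator, monotonic_time):
 * the same or an older timestamp is treated as a replay. The absolute value
 * is never compared against the local clock. */
enum dv_verdict dv_check_init(const uint8_t initiator[32],
                              const struct dv_init_ps *ps, int sig_valid)
{
  if (ps->purpose != DV_PURPOSE_INITIATOR) return DV_REJECT_PURPOSE;
  if (!sig_valid) return DV_REJECT_SIGNATURE;        /* no amplification for unsigned input */
  struct dv_peer_state *st = dv_find_or_add(initiator);
  if (st == NULL) return DV_REJECT_FULL;             /* fail closed rather than respond */
  if (ps->monotonic_time <= st->last_monotonic) return DV_REJECT_REPLAY;
  st->last_monotonic = ps->monotonic_time;
  return DV_ACCEPT;
}

/* Walks through fresh / replayed / stale / newer messages from one initiator
 * and returns how many were accepted (2 of the 4). */
int dv_run_demo(void)
{
  static const uint8_t alice[32] = { 0xA1 };          /* constructed peer identity */
  struct dv_init_ps ps = { DV_PURPOSE_INITIATOR, 100, { 0x11 } };
  int accepted = 0;
  dv_reset_state();
  accepted += (dv_check_init(alice, &ps, 1) == DV_ACCEPT);  /* fresh: accepted */
  accepted += (dv_check_init(alice, &ps, 1) == DV_ACCEPT);  /* exact replay: rejected */
  ps.monotonic_time = 50;
  accepted += (dv_check_init(alice, &ps, 1) == DV_ACCEPT);  /* older: rejected */
  ps.monotonic_time = 200;
  accepted += (dv_check_init(alice, &ps, 1) == DV_ACCEPT);  /* newer: accepted */
  return accepted;
}

int main(void)
{
  printf("accepted %d of 4 messages\n", dv_run_demo());
  return 0;
}
```

Because dv_table lives only in memory, a restart of the receiver forgets every last_monotonic and the next replayed message from each initiator is accepted once more; that is exactly the residual risk the note above describes, and persisting the latest timestamp closes it.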
Definition at line 597 of file gnunet-service-transport.c.
struct GNUNET_CRYPTO_ChallengeNonceP DvInitPS::challenge
Challenge value used by the initiator to re-identify the path.
Definition at line 602 of file gnunet-service-transport.c.
Referenced by validate_dv_initiator_signature().