[freenet-cvs] r14942 - branches/freenet-jfk/devnotes

kryptos at freenetproject.org kryptos at freenetproject.org
Mon Sep 3 06:21:22 UTC 2007 

Author: kryptos
Date: 2007-09-03 06:21:21 +0000 (Mon, 03 Sep 2007)
New Revision: 14942

Added:
   branches/freenet-jfk/devnotes/cryptoNotes.txt
Removed:
   branches/freenet-jfk/devnotes/jfkNotes.txt
Log:
 Updated JFK notes

Added: branches/freenet-jfk/devnotes/cryptoNotes.txt
===================================================================
--- branches/freenet-jfk/devnotes/cryptoNotes.txt	                        (rev 0)
+++ branches/freenet-jfk/devnotes/cryptoNotes.txt	2007-09-03 06:21:21 UTC (rev 14942)
@@ -0,0 +1,17 @@
+1 Initiator-Responder:
+This is a straightforward DiffieHellman exponential along with a random nonce.
+The Initiator Nonce serves two purposes;it allows the initiator to use the same exponentials during different sessions while ensuring that the resulting session key will be different,can be used to differentiate between parallel sessions
+2 Responder-Initiator:
+Responder replies with a signed copy of his own exponential, a random nonce and an authenticator calculated from a transient hash key private to the responder.
+3 Initiator-Responder:
+Initiator echoes the data sent by the responder including the authenticator. This helps the responder verify the authenticity of the returned data. The authenticator is sufficient defense against forgery; replays, however, could cause considerable computation. The defense against this is to cache the corresponding Message (4); if a duplicate Message (3) is seen, the cached response is retransmitted; The key for looking up Message 3's in the cache is the authenticator; this prevents DoS attacks where the attacker randomly modifies the encrypted
+blocks of a valid message, causing a cache miss and thus more processing to be done at the Responder. Rejection messages do not concern us because group information which is sent in Message2 indicates which groups and algorithms are acceptable avoiding the need for explicit message rejection.
+4 Responder-Initiator:
+Encrypted message of the signature on both nonces, both exponentials using the same keys as in the previous message.The Initiator can verify that the Responder is present and participating in the session, by decrypting the message and verifying the enclosed signature.
+
+DOS Mitigation
+Responder does not keep state on receiving Msg 1
+HMAC is produced/verified by the Responder only
+HMAC is used to quickly discard DoS packets
+This lookup can done in O(n) using a Patricia trie (Specialized Set data structure based on a prefix tree,they find particular application in the area of IP routing where the ability to contain large ranges of values with a few exceptions is particularly suited to the hierarchical organization of IP Addresses)
+Responder (and Initiator) can reuse g^r and g^i, key but material still changes

Deleted: branches/freenet-jfk/devnotes/jfkNotes.txt
===================================================================
--- branches/freenet-jfk/devnotes/jfkNotes.txt	2007-08-31 17:50:23 UTC (rev 14941)
+++ branches/freenet-jfk/devnotes/jfkNotes.txt	2007-09-03 06:21:21 UTC (rev 14942)
@@ -1,20 +0,0 @@
-Initiator-Responder:
-This is a straightforward DiffieHellman exponential.
-The Initiator Nonce serves two purposes;it allows the initiator to use the same
-exponentials during different sessions while ensuring that the resulting 			 session key will be different,can be used to differentiate between parallel sessions 
-
-Responder-Initiator:
-Responder replies with a signed copy of his own exponential, a random nonce and an authenticator calculated from a transient hash key private to the responder.
-We slightly deviate JFK here;we do not send any public key information
-as specified in the JFK docs 
-
-Initiator-Responder:
-Initiator echoes the data sent by the responder including the authenticator. This helps
-the responder verify the authenticity of the returned data. Rejection messages do not
-concern us because grpinfo which is sent in Message2 indicates which groups and algorithms 
-are acceptable avoiding the need for explicit message rejection. 
-
-Responder-Initiator:
-Encrypted message of the signature
-on both nonces, both exponentials using the same keys as in the previous message
-

More information about the cvs mailing list