Nonce Ni allows the initiator to reuse the same exponential across the same sessions (with the same or different responders) within the PFS interval while ensuring that the resulting session key will be different. Thus we can use it to differentiate between different parallel sessions. (Can the initiator handle the demultiplexing?)
<br><span style="font-family: monospace;"><br></span>On 10/27/07, <b class="gmail_sendername">Matthew Toseland</b> &lt;<a href="mailto:toad@amphibian.dyndns.org">toad@amphibian.dyndns.org</a>&gt; wrote:<div><span class="gmail_quote">
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Various odd errors recently (PacketSequenceException for example) seem to have<br>been caused by running several JFK negotiations simultaneously and all of
<br>them succeeding. STS was stateful and therefore could only have one in<br>flight, but JFK can have more than one. </blockquote><div><br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
So one completes, then another<br>completes; this exposed a bug which I fixed, but it is problematic as the<br>second connection will clobber the first.<br>What does this mean?<br>Options:<br>- 1) Introduce some state, resend the same message 2 after receiving the same
<br>message 1. Bad: memory DoS.<br>- 2) Ignore the problem. It works, don't fix it. Probably what we'll go with.<br>- 3) Stagger the sending of the phase 1 handshakes. The problem is that we may<br>have to keep firewall tunnels open, so we have to send to each address every
<br>&lt;30 secs. But there should be space within this to send to a few addresses...<br>- 4) Support multiple temporary connections. Drop according to a defined order<br>in the noderef.<br>- 5) Support multiple permanent connections. Separate AIMD for each
<br>connection, so messages can be distributed according to whichever connection<br>has the lowest RTT and has available bandwidth.<br><br>Any comments?<br><br></blockquote>
</div><br>
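Added example, not part of the original thread or of Freenet's code: a sketch of how an initiator could demultiplex parallel JFK negotiations by nonce, as the reply above suggests. It assumes message 2 echoes the initiator's nonce and that keys are derived with HMAC-SHA256 keyed by the DH value over (Ni, Nr, label); the class, function names and addresses are hypothetical, and `g_ir` is a random stand-in for the shared DH value.

```python
import hashlib
import hmac
import os


def derive_key(g_ir: bytes, ni: bytes, nr: bytes, label: bytes) -> bytes:
    """Session key: HMAC keyed by the DH value over both nonces and a label.

    Nonces are fixed-length (16 bytes), so plain concatenation is unambiguous.
    """
    return hmac.new(g_ir, ni + nr + label, hashlib.sha256).digest()


class Initiator:
    """Tracks parallel negotiations that all reuse one DH exponential."""

    def __init__(self):
        self.pending = {}  # Ni -> peer address of the in-flight negotiation

    def start(self, peer: str) -> bytes:
        ni = os.urandom(16)  # fresh nonce per negotiation, carried in message 1
        self.pending[ni] = peer
        return ni

    def on_message2(self, echoed_ni: bytes, nr: bytes, g_ir: bytes):
        """Match a reply to its negotiation by the echoed nonce (assumption)."""
        peer = self.pending.pop(echoed_ni, None)
        if peer is None:
            return None  # unknown or already-completed nonce: drop the reply
        return peer, derive_key(g_ir, echoed_ni, nr, b"1")


def demo():
    # Constructed stand-in for g^ir: both sides reuse their exponentials,
    # so every parallel negotiation sees the same DH value.
    g_ir = os.urandom(32)
    init = Initiator()
    # Two negotiations to two (constructed) addresses of the same responder.
    ni_a = init.start("192.0.2.1:1234")
    ni_b = init.start("192.0.2.2:1234")
    nr_a, nr_b = os.urandom(16), os.urandom(16)
    # Replies arrive out of order, then one is repeated.
    res_b = init.on_message2(ni_b, nr_b, g_ir)
    res_a = init.on_message2(ni_a, nr_a, g_ir)
    repeated = init.on_message2(ni_a, nr_a, g_ir)
    return res_a, res_b, repeated


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Each completed negotiation yields its own key even though the DH value is shared, so the caller can decide per nonce which connection to keep instead of letting the later one overwrite the earlier.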