[GNUnet-SVN] r934 - GNUnet-docs/WWW/test
From: durner
Subject: [GNUnet-SVN] r934 - GNUnet-docs/WWW/test
Date: Tue, 14 Jun 2005 11:48:03 -0700 (PDT)
Author: durner
Date: 2005-06-14 11:48:00 -0700 (Tue, 14 Jun 2005)
New Revision: 934
Modified:
GNUnet-docs/WWW/test/protocol_p2p_core.php3
Log:
Reformat
Modified: GNUnet-docs/WWW/test/protocol_p2p_core.php3
===================================================================
--- GNUnet-docs/WWW/test/protocol_p2p_core.php3 2005-06-14 18:36:16 UTC (rev
933)
+++ GNUnet-docs/WWW/test/protocol_p2p_core.php3 2005-06-14 18:48:00 UTC (rev
934)
@@ -5,8 +5,9 @@
include("html_header.php3");
ANCHOR("protocol");H3("GNUnet Protocol: node-to-node: core messages");
-
+BP();
W("The GNUnet node-to-node (peer-to-peer) procotol currently defines seven
different messages that must be supported by all peers:");
+EP();
echo "<ul>\n";
LIV(extlink_("#HELO","HELO"));
LIV(extlink_("#SKEY","SKEY"));
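Review bot: The W() string enclosed by the new BP()/EP() pair misspells "protocol" as "procotol"; since this commit already edits the markup around that sentence, the spelling should be corrected in the same change rather than left for a later pass.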
@@ -16,13 +17,14 @@
LIV(extlink_("#FRAGMENT","FRAGMENT"));
LIV(extlink_("#NOISE","NOISE"));
echo "</ul>\n";
+BP();
W("The most basic sequence is that a host sends a %s to any other host to
notify it of its existance on the network.",
extlink_("#HELO","HELO"));
W("The recipient of the HELO sends back a %s to confirm that the host is
actually reachable.",
extlink_("#PING","PING"));
W("The receiver of the PING always sends back a %s to confirm receit.",
extlink_("#PONG","PONG"));
-BR();
+P();
W("Later, either of the hosts sends the other host an %s message with an
encrypted %s to initiate a connection.",
ARRAY(extlink_("#SKEY","SKEY"),
extlink_("#PING", "PING")));
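Review bot: The BP() added after `echo "</ul>\n";` opens a paragraph whose matching EP() does not appear in this hunk; the W() strings it wraps also misspell "existence" ("existance") and "receipt" ("receit"). Fix the two spellings here while the paragraph markup is being reworked.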
@@ -65,7 +67,7 @@
W("The GNUnet core adds a checksum, information about bandwidth limitations
and sequencing information to prevent processing messages twice.");
W("The encryption, decryption and verification is done by the GNUnet core and
neither the application nor the transport code need to worry about it.");
W("The format of the header that is added by the GNUnet core to each message
is the following:");
-echo "<table border=3>\n";
+echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
include("bittable.inc");
fiveRowIntEntries("hash of the plaintext (RipeMD160)");
rowIntEntryNBO("sequence number, 0 for plaintext");
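Review bot: The retagged `<table ...>` here is emitted inside the paragraph opened by the BP() added after the message list two hunks earlier, and that paragraph is only closed by the EP() in the next hunk, just before `ANCHOR("HELO")`. HTML does not allow a `<table>` inside `<p>`, so the browser closes the paragraph implicitly at `<table` and the later `</p>` is stray. Suggest `EP();` immediately before this `echo "<table ..."` and `BP();` after `echo "</table>\n";`, which is exactly what the FRAGMENT hunk below already does.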
@@ -76,13 +78,14 @@
W("This header is followed by individual messages.");
W("Note again that the identity of the sender must also be communicated, but
how this is done depends on the specific transport.");
-P();
+EP();
ANCHOR("HELO");H4("HELO");
+BP();
W("A HELO packet is used to propagate information about participating nodes
throughout GNUnet.");
W("Each GNUnet node is identified by its public key K.");
W("Throughout GNUnet, the public key of a node is often abbreviated by just
the hash of K, short H(K).");
-BR();
+P();
W("The HELO packet is the way nodes propagate public keys of other nodes.");
W("Furthermore, the identity of the node is <strong>bound</strong> to an
address.");
W("How an address is specified depends on the underlying transport mechanism
that is used.");
@@ -91,14 +94,14 @@
W("GNUnet nodes can have multiple addresses and change addresses at any time,
e.g. if the IP is dynamically assigned, like in DHCP or on dialup.");
W("The %s is used to notify other hosts of a changed address.",
extlink_("doxygen/html/structHELO__Message.html","HELO message"));
-BR();
+P();
W("<strong>Security considerations</strong>.");
W("Malicious nodes could disrupt GNUnet by telling nodes fake addresses.");
W("As nodes forward HELOs from other nodes, malicious hosts could replace the
address of the original node by an invalid address.");
W("In order to prevent this, the address portion of a HELO must be signed with
the private key of the node.");
W("In order to prevent malicious hosts from forwarding outdated addresses, the
signed portion of a HELO also contains a timestamp stating how long the HELO is
going to be valid.");
W("The administrator of each node can specify how long the HELOs signed by
that node are going to be valid; the administrator is in the best position to
judge how long the current address will be valid.");
-BR();
+P();
W("Another security concern is where hosts send out valid, signed HELO
messages with IPs of non-participating machines.");
W("The goal of this attack could either be to flood the non-participating
hosts with traffic (trick GNUnet into performing an attack) or to make it hard
for the receiver to find a valid GNUnet host in the ocean of addresses that it
learned from the HELOs.");
W("GNUnet defends against this type of attack by sending a PING to the
acclaimed host and only believes the HELO of a PONG is received.");
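Review bot: The last W() string in this hunk reads "only believes the HELO of a PONG is received"; "of" should be "if", and "acclaimed host" should be "claimed host". This is the paragraph that documents the PING/PONG defence against forged HELO addresses, so it is worth reading correctly; since the BR() to P() edits already touch it, correct the wording here.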
@@ -114,7 +117,7 @@
EXTLINK_("#SKEY","SKEY"));
W("Once an encrypted channel was formed, nodes can exchange HELOs via that
channel.");
-echo "<table border=3>\n";
+echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
include("bittable.inc");
rowSizeType("556 + " . W_("sender address size"),"0");
rowIntEntryVerbatim(extlink_("doxygen/html/structSignature.html",
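Review bot: Same nesting problem as the core-header table: this HELO table sits inside the paragraph opened by the BP() added after `ANCHOR("HELO");H4("HELO");`, and that paragraph is only closed by the EP() in the next hunk after `echo "</table>\n";`. Close the paragraph with `EP();` before the `echo "<table ..."` line and reopen with `BP();` after the table if text follows.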
@@ -132,15 +135,16 @@
shortEntry_("transport protocol number", NBO_()));
rowIntEntryNBO("sender address (sender address size bytes)");
echo "</table>\n";
-P();
+EP();
ANCHOR("SKEY");H4("SKEY");
+BP
W("Sessionkeys are 128 bit keys for blowfish, a symmetric cipher that is used
for all communication between GNUnet nodes except %ss and SKEYs themselves (for
those, RSA with 2048 bit keys is used).",
extlink_("#HELO","HELO"));
-BR();
+P();
W("A session between two GNUnet nodes is the existance of a pair of
sessionkeys between the two nodes that have been confirmed by receiving an
encrypted PONG response to an encrypted PING challenge.");
W("Even if the underlying protocol may be connectionless, the notion of a
session is still meaningful for GNUnet.");
-BR();
+P();
W("A session key exchange may be initiated by either node.");
W("SKEYS are always encrypted with the public key of the receiving node.");
W("The sender of a session key not only encrypts the key with the public key
of the receiver but also signs it (together with an creation time) with its own
private key.");
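Review bot: `+BP` on the line after `ANCHOR("SKEY");H4("SKEY");` is missing its call parentheses and semicolon. As written it is a bare constant immediately followed by `W(...)` on the next line, which PHP rejects with a parse error, so the whole page stops rendering. It should read `BP();` like every other paragraph opener introduced in this commit.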
@@ -157,12 +161,12 @@
W("The sender must remember the sessionkey and can start using it after
receiving an acknowledgement in the form of a %s from the receiver.",
extlink_("#PONG","PONG"));
W("The PONG must be encrypted and can be transmitted either as part of the
symmetrically encrpyted portion of another SKEY or as an ordinary encrypted
message.");
-BR();
+P();
W("The format of an %s is the following:",
extlink_("doxygen/html/structSKEY__Message.html","SKEY message"));
P();
-echo "<table border=3>\n";
+echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
include("bittable.inc");
rowSizeType("520+N","1");
rowIntEntryNBO("creation time (not expiration!)");
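Review bot: The unchanged `P();` between `W("The format of an %s is the following:", ...)` and the retagged `<table ...>` echo is the one place where P() remains inside a BP()/EP() paragraph; elsewhere in this commit P() before a heading becomes EP(). If P() emits a `<p>` this opens a second paragraph that is never closed; replacing it with `EP();` would close the paragraph before the table, matching the FRAGMENT section's pattern. Also, "encrpyted" in the preceding W() string should be "encrypted".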
@@ -172,27 +176,30 @@
echo "</table>\n";
W("Note that N is always either 28 or 56 bytes.");
-P();
+EP();
ANCHOR("PING");H4("PING");
+BP();
W("PINGs are used to test if a node receives messages correctly.");
W("PINGs are exchanged in encrypted messages, as part of SKEYs and in
plaintext.");
W("The receit of a PING must be answered by a PONG with identical body (the
receiver just changes the type).");
W("An encrypted PING must be answered by an encrypted PONG.");
W("It does not matter if the encrypted PONG is encrypted as part of an SKEY or
part of an ordinary encrypted message.");
W("The challenge number in a PING is a random number that is used to make it
impractical for an adversary to guess the contents of the PING and thus hard to
fake a PONG response.");
-BR();
+P();
W("The identity stored in the PING is the identity of the receiver.");
W("If that identity does not match, the PING must be silently discarded.");
-echo "<table border=3>\n";
+echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
include("bittable.inc");
rowSizeType("28","2");
fiveRowIntEntries("receiver identity");
rowIntEntryNBO("challenge");
echo "</table>\n";
+EP();
ANCHOR("PONG");H4("PONG");
+BP();
W("PONGs are responses to PINGs.");
W("If the node is not aware of a corresponding PING (or if the challenge is
wrong), the PONG is silently dropped.");
W("Otherwise the appropriate action corresponding to the PING is triggered.");
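Review bot: The `EP();` added after the PING table's `echo "</table>\n";` closes a paragraph that the browser already terminated when `<table>` appeared, because `<p>` cannot contain a table, so the emitted `</p>` is stray. Move `EP();` to just before the `echo "<table ..."` line and, if text follows the table, open a fresh `BP();` after it, as the FRAGMENT hunk does. Unrelated but adjacent: "The receit of a PING" should be "The receipt of a PING".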
@@ -203,32 +210,35 @@
fiveRowIntEntries("receiver identity");
rowIntEntryNBO("challenge");
echo "</table>\n";
-P();
+EP();
ANCHOR("HANGUP");H4("HANGUP");
+BP();
W("The format of the HANGUP message is:");
-echo "<table border=3>\n";
+echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
include("bittable.inc");
rowSizeType("24","4");
fiveRowIntEntries("sender identity");
echo "</table>\n";
+BP();
W("When a HANGUP message is received, the node must stop using the current
sessionkey (assuming the receiver is the other node involved in the
corresponding session with the sender).");
W("If the receiving node desires further communication with the sender, a new
sessionkey must be exchanged.");
-P();
+EP();
ANCHOR("FRAGMENT");H4("FRAGMENT");
+BP();
W("Fragments are used to communicate messages that are larger than the MTU of
the transport.");
W("The peer sending fragments should make sure to transmit all fragments in
sequence.");
W("No peer is expected to reassemble multiple fragments for the same sender at
any time.");
W("If the receiving peer does not receive all parts of a fragment, the entire
message has to be discarded.");
W("The messages constructed from fragments cannot be larger than 64k.");
W("The format for fragments is:");
-
-echo "<table border=3>\n";
+EP();
+echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
include("bittable.inc");
rowSizeType("12 + N","5");
rowIntEntryNBO("fragment id");
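Review bot: In the HANGUP section two `BP();` calls are emitted with no `EP();` between them: one after `ANCHOR("HANGUP");H4("HANGUP");` and another after the table's `echo "</table>\n";`, so the paragraph opened before `W("The format of the HANGUP message is:")` is never closed. Insert `EP();` before the HANGUP table's `echo "<table ..."` line, which is the pattern the FRAGMENT section in this same hunk follows.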
@@ -236,29 +246,32 @@
shortEntry_("total size"));
rowIntEntry("N bytes of data");
echo "</table>\n";
+BP();
W("The N bytes of data from the fragment belong to a larger message of the
given total size and are to be placed at the given offset.");
W("Unlike IP fragmentation, GNUnet fragments should never be overlapping.");
-P();
+EP();
ANCHOR("NOISE");H4("NOISE");
+BP();
W("Noise is used to make it harder for adversaries to perform traffic
analysis.");
W("A node receiving noise should just silently ignore it.");
W("Nodes may append noise to packets that are short to make all packets look
more uniform in size.");
W("Noise should only be used in encrypted traffic.");
W("The format for noise is:");
-
+EP();
echo "<table border=3>\n";
include("bittable.inc");
rowSizeType("≥ 4","6");
rowIntEntry("noise");
echo "</table>\n";
+BP();
W("The number of bytes of noise should be a multiple of 4 to preserve
alignment.");
W("The noise in the packet should be (pseudo) random.");
-P();
+EP();
include("html_footer.php3");
?>
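Review bot: The NOISE table keeps `echo "<table border=3>\n";` while every other table in this commit is changed to `border="0" cellspacing="0" cellpadding="0"`; this looks like an oversight and leaves one table rendered differently from the rest of the page. Apply the same attribute change here.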