Re: Question regarding security programming newsgroups



Bobby <bobbye@xxxxxxxxxxxx> wrote:
> The problem here is that if A sends a packet to B and B sends a packet
> to A (and they do it in a very short
> timeframe), A will initiate a key exchange to B and B will initiate a
> key exchange to A.
>> Such a collision both could detect. Both of them should abandon one of
>> the opening connections - and both the same. Perhaps, just abandon the
>> connection, which was initiated by the smaller IP address (read as an
>> 32bit integer in network byte order).
> But, if I do that, for example I have peers A & B (A's ip < B's ip),
> A would like to talk to B (A calls sendto), then A initiates a key
> exchange, but if B is the initiator, then B has to send A some kind of
> message which will trigger a key exchange on A - this causes B to
> delay the packet

When a connection A->B exists, then a second connection B->A should never
be accomplished, regardless of whether A>B or B>A.

When a connection A->B is in state connecting, and handshake packets for
a connection B->A arrive, then if B>A then A->B is dropped immediately,
else if A>B then B->A is dropped (if already in state connecting) and
the arriving packets must be ignored.

If both sides act like this, then as a result only one connection will
be there; a three way handshake for initiating connections is required,
though.

A packet is sent over connection A->B _or_ connection B->A using UDP.

> I can also store the packet somewhere when the above scenario occurs,
> (hold the packet) and then when the key exchange finishes transmit the
> packet.

Of course you have to do so.

Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
.
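
The tie-break rule from the reply above, together with the held-packet queue, as an added example that is not part of the original post. The class, method and state names are hypothetical, addresses are compared as 32-bit integers in network byte order as suggested in the quoted text, and the handshake messages themselves are abstracted to a single "handshake packet arrived" event.

```python
import ipaddress
from collections import deque

IDLE, CONNECTING_OUT, CONNECTING_IN, ESTABLISHED = (
    "idle", "connecting-out", "connecting-in", "established")

def addr_key(ip):
    """IPv4 address read as a 32-bit integer in network byte order."""
    return int(ipaddress.IPv4Address(ip))

class Peer:
    """State one endpoint keeps about one remote endpoint (hypothetical names)."""

    def __init__(self, local_ip, remote_ip):
        self.local, self.remote = addr_key(local_ip), addr_key(remote_ip)
        self.state = IDLE
        self.held = deque()  # packets waiting for the key exchange to finish

    def send(self, packet):
        """Return the packets that may go on the wire right now."""
        if self.state == ESTABLISHED:
            return [packet]
        self.held.append(packet)          # hold until keys exist
        if self.state == IDLE:
            self.state = CONNECTING_OUT   # start our own key exchange
        return []

    def on_handshake(self):
        """A handshake packet from the remote arrived.
        Returns True if it is processed, False if it must be ignored."""
        if self.state == ESTABLISHED:
            return False                  # never set up a second connection
        if self.state == CONNECTING_OUT and self.remote < self.local:
            return False                  # our attempt wins, ignore theirs
        # Either we were not connecting, or the remote address is larger:
        # drop our own attempt (if any) and continue with theirs.
        self.state = CONNECTING_IN
        return True

    def on_established(self):
        """Key exchange finished: release everything that was held."""
        self.state = ESTABLISHED
        flushed = list(self.held)
        self.held.clear()
        return flushed
```

Because both endpoints evaluate the same comparison, a simultaneous open always leaves the attempt from the larger address standing, and neither side loses the packet that triggered its attempt.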


