SSU: Document that the Bob-to-Alice peer test message must be in-session as of API 0.9.52.

Already implemented by i2pd; Java I2P fixes will be in 1.6.0.
zzz
2021-10-19 14:31:10 -04:00
parent 5344482dbe
commit ddfa9b3063
2 changed files with 23 additions and 11 deletions

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}Secure Semireliable UDP{% endtrans %} (SSU){% endblock %}
{% block lastupdated %}2021-04{% endblock %}
{% block accuratefor %}0.9.50{% endblock %}
{% block lastupdated %}2021-10{% endblock %}
{% block accuratefor %}0.9.52{% endblock %}
{% block content %}
<p>{% trans transports=site_url('docs/transport'), ntcp=site_url('docs/transport/ntcp'), ntcp2=site_url('docs/spec/ntcp2') -%}
@ -504,11 +504,14 @@ to designate a new peer as Bob and try again with a different nonce.
{%- endtrans %}</p>
<p>{% trans -%}
Alice's introduction key is included in all of the PeerTest
messages so that she doesn't need to already have an established
session with Bob and so that Charlie can contact her without knowing
any additional information. Alice may go on to establish a session
with either Bob or Charlie, but it is not required.
Alice's introduction key is included in all of the PeerTest messages
so that Charlie can contact her without knowing any additional information.
As of release 0.9.15, Alice must have an established
session with Bob, to prevent spoofing attacks.
Alice must not have an established session with Charlie for the peer test
to be valid.
Alice may go on to establish a session
with Charlie, but it is not required.
{%- endtrans %}</p>
<h3>IPv6 Notes</h3>
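Review bot: The rewritten paragraph stops at the 0.9.15 session requirement and never mentions the 0.9.52 change named in the commit subject, even though the page header is bumped to "accuratefor 0.9.52" in the hunk above. Consider adding a sentence after "to prevent spoofing attacks." saying that Bob's reply to Alice uses the Alice/Bob session key as of 0.9.52, so this overview and the note added to the specification do not diverge. The sentence "Alice must not have an established session with Charlie for the peer test to be valid" is also a new requirement in this text and would benefit from a short reason, as the Bob requirement has one.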

@ -3,8 +3,8 @@ SSU Protocol Specification
==========================
.. meta::
:category: Transports
:lastupdated: 2021-06
:accuratefor: 0.9.50
:lastupdated: 2021-10
:accuratefor: 0.9.52
.. contents::
@ -1016,8 +1016,10 @@ Note: IPv6 peer testing is supported as of release 0.9.27.
3. When sent from Charlie to Bob: Bob/Charlie sessionKey
4. When sent from Bob to Alice: Alice's introKey, as
received in the PeerTest message from Alice
4. When sent from Bob to Alice: Alice/Bob sessionKey
(or for Bob prior to 0.9.52, Alice's introKey, as
received in the PeerTest message from Alice,
see note below)
5. When sent from Charlie to Alice: Alice's introKey, as
received in the PeerTest message from Bob
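Review bot: In item 4 the parenthetical "or for Bob prior to 0.9.52" does not say what 0.9.52 measures, while the note it points to says "API version 0.9.52" and limits the old behavior to "some implementations". Suggest aligning the wording, for example "or, for some Bob implementations with API version below 0.9.52, Alice's introKey", and making "see note below" name the Notes list it refers to, so a reader implementing key selection from this list alone does not assume every older Bob uses the intro key.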
@ -1107,6 +1109,13 @@ Notes
* As of release 0.9.15, Alice must have an established session with Bob and use
the session key.
* Prior to API version 0.9.52, in some implementations, Bob replied to Alice using
Alice's intro key rather than the Alice/Bob session key, even though
Alice and Bob have an established session (since 0.9.15).
As of API version 0.9.52, Bob will correctly use the session key in all
implementations, and Alice should reject a message received from Bob
with Alice's intro key if Bob is API version 0.9.52 or higher.
* Extended options in the header: Not expected, undefined.
HolePunch
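Review bot: The added bullet says Alice "should reject" an intro-key reply from a Bob at API version 0.9.52 or higher, but it does not say where Alice obtains Bob's API version, and "should" is weaker than the "must" in the 0.9.15 bullet directly above it. Since the check is what closes the gap left by the old behavior, suggest stating the source of the version value, whether rejection is mandatory, and what Alice does with an intro-key reply from a Bob below 0.9.52. The two adjacent bullets also mix "release 0.9.15" and "API version 0.9.52"; one term throughout would read more clearly.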