Toerless Eckert <[email protected]> wrote:
> On Wed, Aug 24, 2022 at 08:33:43PM -0400, Michael Richardson wrote:
>>
>> Brian E Carpenter <[email protected]> wrote:
>> > I need to understand epochs a bit better. I wonder whether an epoch
>> > boundary should define when session-id repetition becomes OK (even if
>> > highly improbable). There's a practical argument for that: a good
>> > implementation will cache obsolete session-ids to detect repetition,
>> > but needs to age out that cache somehow. My code does that with a
>> > simple LRU but that isn't ideal.
>>
>> That's totally a good idea. is:
>> https://www.ietf.org/archive/id/draft-ietf-rats-architecture-21.html#name-example-3-epoch-id-based-pa
>> helpful?
> How do you think Rats epoch-id is different from Grasp session-id,
> where each originator in grasp simply has its own epoch-id space
> (because the session-ids from each originator are in context of that
> originator) ?
Ah.
A trusted third party would rain Epoch IDs down on all nodes, both transmitters
and receivers. They could use signed M_FLOODs. Yes, that creates a circular
problem, but the EpochIDs could be arranged to be a hash list, a la S/Key.
> I couldn't find reasonable examples of how often epoch-ids in rats
> would be changed, so I have a hard time coming up with a qualitative
> comparison.
It's a good question, and the answer depends upon how things will be used.
I would envision a new Epoch every few minutes to every few hours.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
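
The two ideas in this thread, Epoch IDs released as an S/Key-style hash list and a session-id replay cache that is aged out at each epoch boundary, can be sketched as follows. This is an added example, not code from the thread, from GRASP or from the RATS draft. The names `make_chain`, `Receiver` and `max_skip`, the choice of SHA-256, the tolerance for a few missed epochs, and prior out-of-band delivery of the chain anchor to each node are all assumptions.

```python
import hashlib

def h(x: bytes) -> bytes:
    # SHA-256 is an assumption; the thread names no hash function.
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Issuer side (the trusted third party). chain[0] is the public anchor
    H^n(seed); chain[i] is the Epoch ID released for epoch i, so that
    h(chain[i]) == chain[i-1]. The seed itself stays secret."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    chain.reverse()
    return chain

class Receiver:
    """Hypothetical node: tracks the newest Epoch ID it trusts and a cache of
    (originator, session-id) pairs seen during the current epoch."""

    def __init__(self, anchor: bytes, max_skip: int = 8):
        self.current = anchor
        self.max_skip = max_skip  # missed epochs tolerated (assumption)
        self.seen = set()

    def new_epoch(self, candidate: bytes) -> bool:
        # Accept only a value that hashes forward to the ID already trusted.
        # Older or replayed Epoch IDs never do, so they are rejected.
        x = candidate
        for _ in range(self.max_skip):
            x = h(x)
            if x == self.current:
                self.current = candidate
                self.seen.clear()  # the epoch boundary ages out the cache
                return True
        return False

    def accept_session(self, originator: str, session_id: int) -> bool:
        # Session-ids are scoped per originator, as noted in the thread.
        key = (originator, session_id)
        if key in self.seen:
            return False  # repetition within the epoch
        self.seen.add(key)
        return True
```

Because each released Epoch ID is a preimage of the previous one, a receiver can check it against the anchor alone, which is what sidesteps the circular dependency on signed floods mentioned above.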
