[OTR-dev] Fragmenting proposal
Ian Goldberg
ian at cypherpunks.ca
Wed Dec 15 12:49:24 EST 2004
On Wed, Dec 15, 2004 at 06:23:58PM +0100, Paul Wouters wrote:
> On Wed, 15 Dec 2004, Ian Goldberg wrote:
>
> >Different IM networks have different maximum lengths that messages can
> >be. Can you guys look over this proposal for message fragmenting, and
> >see if there's something I'm missing? [This will become part of the
> >Protocol documentation.]
>
> Since there are no checks on the fragments, doesn't this completely disrupt
> the communication you can have if I'm inserting bogus fragments?
Yes, I thought of that. It would only disrupt fragmented packets
(unfragmented messages wouldn't be affected), but anyway, the threat
model includes:
# And, of course, there's the possibility of an active attacker, who is
# allowed to perform a Denial of Service attack, but not to learn
# contents of messages.
If there's an active attacker, there's really no way to stop him from
disrupting communication. What if he just continually inserts TCP RSTs?
> Then again, I don't want to suggest a pmtu type solution to you either.
> I'd probably go for a list of known good values per IM service.
Yes, I definitely would prefer just a known size list. I can test sizes
on jabber and AIM. Who's on other networks that can test packet
sizings?
- Ian
More information about the OTR-dev
mailing list