From 835d94407ff9e688142f56c5be9be506509fab0f Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 3 May 2025 10:23:01 -0400 Subject: [PATCH] ntcp2 notes --- i2p2www/spec/ntcp2.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/i2p2www/spec/ntcp2.rst b/i2p2www/spec/ntcp2.rst index f25d49c0..40f8732e 100644 --- a/i2p2www/spec/ntcp2.rst +++ b/i2p2www/spec/ntcp2.rst @@ -3,7 +3,7 @@ NTCP 2 ====== .. meta:: :category: Transports - :lastupdated: 2025-04 + :lastupdated: 2025-05 :accuratefor: 0.9.66 .. contents:: @@ -574,6 +574,10 @@ Notes set a random timeout (range TBD) and then read a random number of bytes (range TBD), before closing the socket. +- Bob may do a fast MSB check for a valid key (X[31] & 0x80 == 0) before + attempting decryption. If the high bit is set, implement probing resistance + as for AEAD failures. + - DoS Mitigation: DH is a relatively expensive operation. As with the previous NTCP protocol, routers should take all necessary measures to prevent CPU or connection exhaustion. Place limits on maximum active connections and maximum connection setups in progress.
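
Review bot: In the added Notes bullet (second hunk, new lines 577-579), the expression "X[31] & 0x80 == 0" is ambiguous as written: in C and Java "==" binds tighter than "&", so a literal reading evaluates to X[31] & 0. Write it as "(X[31] & 0x80) == 0". The bullet also says "before attempting decryption" without naming which decryption step is meant or what form X is in at that point, so an implementer cannot tell where the check belongs; state the step explicitly. "Implement probing resistance as for AEAD failures" should point at the behaviour in the preceding bullet (random timeout, then reading a random number of bytes before closing the socket), and should say that the fast-check rejection must follow that same path, so that a peer cannot tell an MSB rejection from an AEAD failure by timing or close behaviour.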