Closed fjl closed 3 years ago
Coming back to this issue, I feel what we'd really need is a good description of the session key cache in discv5-theory.md. This text should go into sufficient detail to cover this issue as well, i.e. we should define precisely when the session is considered established and also what it's tied to.
When a man-in-the-middle responds to a call message (PING, FINDNODE, ...) with WHOAREYOU, the spec explicitly says that the new session should be considered established only when a valid authenticated call response comes through with the new keys. We should document that the reason for this requirement is to prevent messing up existing sessions through MITM.
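The rule described above, as an added illustration that is not code from the devp2p repository or from go-ethereum: a minimal session cache in which a WHOAREYOU challenge only creates a *pending* session, and the established session for a node is replaced only once a message authenticates under the pending keys. The key derivation (`DeriveKeys`, an HMAC over the challenge), the node names and the use of AES-GCM as the authenticated cipher are assumptions made for the example; the real handshake uses ECDH and HKDF as specified in discv5-theory.md.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Session holds the symmetric key agreed in one handshake.
type Session struct {
	Key []byte
}

// SessionCache keeps, per remote node, the established session and at most one
// pending session that was set up in answer to a WHOAREYOU challenge.
type SessionCache struct {
	established map[string]*Session
	pending     map[string]*Session
}

func NewSessionCache() *SessionCache {
	return &SessionCache{established: map[string]*Session{}, pending: map[string]*Session{}}
}

// DeriveKeys is a constructed stand-in for the handshake key derivation (the
// real protocol uses ECDH plus HKDF): it binds the key to the challenge so that
// every WHOAREYOU yields a fresh key.
func DeriveKeys(localSecret, challenge []byte) *Session {
	mac := hmac.New(sha256.New, localSecret)
	mac.Write(challenge)
	return &Session{Key: mac.Sum(nil)[:16]} // AES-128 key
}

// OnWhoAreYou records a pending session for the challenge and leaves the
// established session untouched: the challenge is unauthenticated, so it may
// have come from a man-in-the-middle rather than from the node itself.
func (c *SessionCache) OnWhoAreYou(node string, localSecret, challenge []byte) {
	c.pending[node] = DeriveKeys(localSecret, challenge)
}

// OnResponse authenticates an incoming message. A message that decrypts under
// the pending keys promotes that session to established; one that decrypts
// under the current keys is accepted without changing anything; anything else
// is rejected and the cache stays exactly as it was.
func (c *SessionCache) OnResponse(node string, nonce, ciphertext []byte) ([]byte, error) {
	if p := c.pending[node]; p != nil {
		if pt, err := Open(p.Key, nonce, ciphertext); err == nil {
			c.established[node] = p
			delete(c.pending, node)
			return pt, nil
		}
	}
	if s := c.established[node]; s != nil {
		if pt, err := Open(s.Key, nonce, ciphertext); err == nil {
			return pt, nil
		}
	}
	return nil, errors.New("message did not authenticate under any session")
}

// Established returns the session currently in use for the node, or nil.
func (c *SessionCache) Established(node string) *Session { return c.established[node] }

// Seal and Open wrap AES-GCM; the GCM tag is what makes a response "authenticated".
func Seal(key, nonce, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

func Open(key, nonce, ciphertext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	c, secret := NewSessionCache(), []byte("local-node-secret")
	nonce := []byte("0123456789ab") // 12-byte GCM nonce; real packets use a fresh random one
	// Genuine handshake: WHOAREYOU, then an authenticated PONG under the new keys.
	c.OnWhoAreYou("node-a", secret, []byte("challenge-1"))
	ct, _ := Seal(DeriveKeys(secret, []byte("challenge-1")).Key, nonce, []byte("PONG"))
	_, err := c.OnResponse("node-a", nonce, ct)
	fmt.Println("genuine handshake established:", err == nil)
	// A man-in-the-middle injects WHOAREYOU but cannot produce a response under the
	// pending keys; the established session must survive.
	c.OnWhoAreYou("node-a", secret, []byte("mitm-challenge"))
	forged, _ := Seal(DeriveKeys([]byte("attacker-guess"), []byte("mitm-challenge")).Key, nonce, []byte("PONG"))
	_, err = c.OnResponse("node-a", nonce, forged)
	fmt.Println("forged response rejected:", err != nil, "session kept:", c.Established("node-a") != nil)
}
```

The point the example makes is the ordering of trust: the cache never lets an unauthenticated WHOAREYOU evict a working session, so an on-path attacker who cannot complete the handshake can only add a pending entry that expires unused, while legitimate re-keying still goes through the same path and replaces the old keys once a response verifies.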