ltgcgo / ditzy

📬 Reconstructing state over stateless messages.
GNU Lesser General Public License v3.0

Design references #1

Open PoneyClairDeLune opened 3 weeks ago

PoneyClairDeLune commented 3 weeks ago
PoneyClairDeLune commented 2 weeks ago

Should also support Brotli compression at level 1, because it's...

Can use Content-Encoding: br under HTTP mode to dynamically adapt.

PoneyClairDeLune commented 2 weeks ago

https://github.com/httptoolkit/brotli-wasm

Potential Brotli implementation.

PoneyClairDeLune commented 2 weeks ago

Potentially, handshakes can time out after 10 to 30 seconds, while a connection can be considered dead after having no activity for 90 to 150 seconds. Browsers time out after 30 for handshakes, and 120 or 300 for activities. The maximum non-multiplexed allowed connection count between the browser and the server should be 8, as per browser practices (6~8).
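The timeouts and the per-client connection cap above are server-side liveness policy. The following is an added example, written for this thread and not code from the ditzy project, of a small connection table that applies them: a connection that has not completed its client ID bind within the handshake timeout is dropped, an idle bound connection is dropped after the idle timeout, and a bind that would give one client ID more than the cap is refused. The class, method names and the chosen values within the quoted ranges (30 s handshake, 120 s idle, 8 connections) are assumptions; time is passed in explicitly so the behaviour is deterministic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Values chosen from the ranges discussed above (assumed, not project constants):
# handshakes 10-30 s, idle death after 90-150 s, at most 8 connections per client.
HANDSHAKE_TIMEOUT_S = 30.0
IDLE_TIMEOUT_S = 120.0
MAX_CONNS_PER_CLIENT = 8


@dataclass
class Conn:
    conn_id: str
    opened_at: float
    last_activity_at: float
    client_id: Optional[int] = None  # None until the client ID bind completes


class ConnectionTable:
    """Hypothetical server-side bookkeeping for underlying connections.

    Written for this example; not code from the ditzy project.
    """

    def __init__(self, handshake_timeout: float = HANDSHAKE_TIMEOUT_S,
                 idle_timeout: float = IDLE_TIMEOUT_S,
                 max_per_client: int = MAX_CONNS_PER_CLIENT) -> None:
        self.handshake_timeout = handshake_timeout
        self.idle_timeout = idle_timeout
        self.max_per_client = max_per_client
        self.conns: Dict[str, Conn] = {}

    def open(self, conn_id: str, now: float) -> None:
        # A fresh connection is unbound; it must bind before the handshake
        # timeout elapses or the next sweep drops it.
        self.conns[conn_id] = Conn(conn_id, opened_at=now, last_activity_at=now)

    def bound_count(self, client_id: int) -> int:
        return sum(1 for c in self.conns.values() if c.client_id == client_id)

    def bind(self, conn_id: str, client_id: int, now: float) -> bool:
        # Refuse a bind that would exceed the per-client cap, so a single
        # client ID cannot accumulate unbounded server state.
        conn = self.conns[conn_id]
        if conn.client_id is None and self.bound_count(client_id) >= self.max_per_client:
            return False
        conn.client_id = client_id
        conn.last_activity_at = now
        return True

    def touch(self, conn_id: str, now: float) -> None:
        # Any message in either direction counts as activity.
        self.conns[conn_id].last_activity_at = now

    def sweep(self, now: float) -> List[Tuple[str, str]]:
        """Drop dead connections; return (conn_id, reason) for each one dropped."""
        dropped: List[Tuple[str, str]] = []
        for conn in list(self.conns.values()):
            if conn.client_id is None and now - conn.opened_at > self.handshake_timeout:
                dropped.append((conn.conn_id, "handshake_timeout"))
            elif now - conn.last_activity_at > self.idle_timeout:
                dropped.append((conn.conn_id, "idle_timeout"))
        for conn_id, _ in dropped:
            del self.conns[conn_id]
        return dropped
```

Periodic calls to `sweep()` with the current time are all the reaper needs; because the handshake timeout is shorter than the idle timeout, an unbound connection can only ever be dropped for the handshake reason.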

PoneyClairDeLune commented 1 week ago

Firefox settings (network.http):

PoneyClairDeLune commented 1 week ago

NGINX default timeouts: https://www.baeldung.com/linux/nginx-timeouts#bd-basic-nginx-timeouts

PoneyClairDeLune commented 1 week ago

Some considerations to increase throughput or not, taken from designs of NGINX and I2P.

PoneyClairDeLune commented 1 week ago

There is another possible attack with client IDs. Since server egress load would be distributed across all underlying connections set with the same client ID, there exists a chance where an attacker could've got some of the victim's S-C messages. Client ID bind messages could've added an extension that allows integration of a simple key verification/challenge if concerned, and rate limits could've been placed to limit how fast client ID binds can happen.

However, with an ID space of 1 to 268435455 (2^28 - 1) and with some rate limits set, a collision is unlikely to happen. A successful collision will take 13768938.79 (5th percentile), 28282497.91 (10%), 186065278.45 (50%), 618095475.96 (90%) and 804160754.41 (95%) attempts respectively on average. If a once-per-second rate limit is placed on client ID binds, a collision will happen in 159.36 days under the unluckiest circumstances. Unless proven otherwise, a verification/challenge scheme is largely not needed.
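The quantile figures in the comment above follow from treating each bind as an independent random guess at one specific ID in a space of 2^28 - 1: the number of attempts until a hit is geometric with p = 1/N, so the attempt count k at which the cumulative probability reaches q is k = ln(1 - q) / ln(1 - p). The following Python is an added example, not part of the thread or the ditzy code, that reproduces those figures and generalises them to several bound IDs and to an arbitrary bind rate limit, which is the calculation a defender does when sizing that limit. `ID_SPACE` and the function names are assumptions introduced here.

```python
import math
from typing import Dict, Sequence, Tuple

# ID space discussed above: 1 .. 2^28 - 1 (assumed constant name).
ID_SPACE = 2 ** 28 - 1
SECONDS_PER_DAY = 86400.0


def attempts_for_quantile(space_size: int, quantile: float, targets: int = 1) -> float:
    """Attempts after which the chance of having guessed one of `targets`
    specific IDs out of `space_size` reaches `quantile`.

    Each attempt independently succeeds with p = targets / space_size, so
    P(success within k attempts) = 1 - (1 - p)^k, giving
    k = ln(1 - q) / ln(1 - p). log1p keeps ln(1 - p) accurate for tiny p.
    """
    if not 0.0 < quantile < 1.0:
        raise ValueError("quantile must be strictly between 0 and 1")
    if not 0 < targets <= space_size:
        raise ValueError("targets must be between 1 and space_size")
    p = targets / space_size
    return math.log(1.0 - quantile) / math.log1p(-p)


def expected_attempts(space_size: int, targets: int = 1) -> float:
    """Mean of the geometric distribution: space_size / targets."""
    return space_size / targets


def time_to_quantile_days(space_size: int, quantile: float,
                          binds_per_second: float, targets: int = 1) -> float:
    """Wall-clock days for an attacker limited to `binds_per_second` binds
    to reach the given success quantile."""
    if binds_per_second <= 0:
        raise ValueError("binds_per_second must be positive")
    attempts = attempts_for_quantile(space_size, quantile, targets)
    return attempts / binds_per_second / SECONDS_PER_DAY


def collision_table(space_size: int = ID_SPACE,
                    quantiles: Sequence[float] = (0.05, 0.10, 0.50, 0.90, 0.95),
                    binds_per_second: float = 1.0,
                    targets: int = 1) -> Dict[float, Tuple[float, float]]:
    """Map each quantile to (attempts, days at the given rate limit)."""
    return {
        q: (attempts_for_quantile(space_size, q, targets),
            time_to_quantile_days(space_size, q, binds_per_second, targets))
        for q in quantiles
    }


if __name__ == "__main__":
    for q, (attempts, days) in collision_table().items():
        print(f"{int(q * 100):>3}%  {attempts:>16.2f} attempts  {days:>10.2f} days at 1 bind/s")
```

The 5th-percentile row is the "unluckiest circumstances" figure in the comment; raising `targets` models a server with many bound client IDs, where the attacker only needs to land on any one of them, and the attempt counts shrink roughly in proportion.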

PoneyClairDeLune commented 1 week ago

Just a thought: Apart from forcibly offering reconstructed duplex connections, Ditzy could also be used as a multiplexing scheme...