[Nfd-dev] Re-presenting the case against nonces

Lixia Zhang lixia at CS.UCLA.EDU
Sun Mar 1 19:31:14 PST 2015 

> On Mar 1, 2015, at 5:25 PM, Ignacio.Solis at parc.com wrote:
> 
> It is evident from these past email threads that nonces are still causing
> problems for NDN.  Isn¹t it time you re-evaluate their use?
> 
> I would be one of the people that has argued that this is an architectural
> problem.
> 
> From the emails (and links) it has been stated that NONCES have issues in
> detecting loops when the loop is longer than the PIT entry. This is
> considering the simple case of interests not forking.  To solve this
> problem (how to use nonces to detect loops reliably) the only possible
> solution is to have really long lived PIT entries.  I would argue this
> won¹t be feasible and it becomes an attack vector.
> 
> In the non-simple case of an interest being forked with the same nonce,
> you may have a loop where the PIT entry is satisfied and no longer exists
> by the time the looped interest arrives.  The current proposal to solve
> this is to keep nonces around for a long time. Again, this increases the
> memory usage at a router and you have to guess the time loops can take.
> 
> There is a second issue which arises from nodes dropping an interest if
> the nonce has already been seen.  Whether the second nonce is from a
> looped interest OR from a interest that has been forked in the past, there
> is a problem with interest aggregation.  Any interest that has been
> aggregated in a PIT entry created by the original interest (the forked one
> with the original nonce) is at risk of being black-holed by dropping the
> repeated nonce.
> 
> There are multiple ways to solve this.  One is to change how aggregation
> is done (potentially the right choice). Another is to never fork an
> interest (also a potentially valid choice). Yet another is to not drop the
> interest with the repeated nonce.
> 
> I admit that I don¹t know what the NDN solution for this is.  I do know,
> both from Alex and Lixia¹s email, that there is a
> proposal/technique/suggestion that any router that forks interests should
> pick a new nonce for the forked interest.

Just to clarify this specific point: the above is not what I said.

1/ the issue brought up by Lan is not a looping problem.

2/ Lan was using pings for measurement, and saw unexpected forwarding paths (not loops)

3/ I suggested that she should send interest with different nonce if she expects the interests sent to different routers to all bring back data.

Just a clarification.  Now back to your discussion.

More information about the Nfd-dev mailing list