[Cryptography] block size / block cipher versus stream cipher

jrzx jrzx at protonmail.ch
Mon Mar 29 18:31:36 EDT 2021


On Friday, March 26, 2021 8:41 AM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:

> A host accepts UDP requests from multiple clients which MAY change their Source IP address and port at any time because of NAT deployment.

Not at any time, not in the middle of an active conversation, because that would break TCP and flow control.

If your NAT has some ports dynamically mapped, to allow incoming packets, it is not going to move the ports it has mapped to a new network address.

Which means that whenever your source address changes, you are going to be renegotiating flow control, in which case you should be negotiating a new shared secret from asymmetric secrets.

The NAT sees an outgoing packet, whose IP address probably starts with 192, maps it to the IP and port it is going to use on the wider internet, and forwards it. And then, when it receives a packet with the same network addresses and port addresses, it maps it back and forwards it from the wider internet to its local network, where addresses probably start with 192.

If it were to change the mapping for these active in use ports, TCP would break.

If your client is receiving, it can send in confidence that if it uses the same network addresses and ports to send as it received on a few milliseconds ago, the server will see the same network addresses as it sent on, even if it is not seeing the same network addresses as the client.

If your client has, however, not received anything for a little while, then it is time to negotiate a new secret.
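As an added illustration (not part of jrzx's post or of the thread), the following toy Python model captures the rule argued above: a NAT keeps a mapping fixed while the conversation is active and drops it once it sits idle, and a server that binds a negotiated secret to the observed public address treats a changed address or a long silence as a reason to negotiate a new secret. The NAT behaviour, addresses, timeout value and session identifiers are constructed assumptions for the model, not a description of any particular implementation.

```python
IDLE_TIMEOUT = 30.0  # constructed idle expiry in seconds, used by both the NAT and the server


class Nat:
    """Toy NAT: binds an inside (ip, port) to a public (ip, port) and keeps that
    binding fixed while traffic flows; the binding is dropped once it sits idle."""

    def __init__(self, public_ip="203.0.113.7"):
        self.public_ip, self.next_port = public_ip, 40000
        self.table = {}  # inside (ip, port) -> (public (ip, port), last_used)

    def outbound(self, inside, now):
        public, last = self.table.get(inside, (None, None))
        if public is None or now - last > IDLE_TIMEOUT:
            # No live binding: allocate a fresh public port (address as seen by the server changes)
            public, self.next_port = (self.public_ip, self.next_port), self.next_port + 1
        self.table[inside] = (public, now)
        return public


class Server:
    """Binds each negotiated secret to the public address it was negotiated from."""

    def __init__(self):
        self.sessions = {}  # secret_id -> (public_addr, last_rx)

    def handshake(self, secret_id, public_addr, now):
        # Result of the asymmetric negotiation: a fresh secret tied to the address it arrived from
        self.sessions[secret_id] = (public_addr, now)

    def receive(self, secret_id, public_addr, now):
        entry = self.sessions.get(secret_id)
        if entry is None:
            return "rekey"
        addr, last_rx = entry
        if now - last_rx > IDLE_TIMEOUT or addr != public_addr:
            # Silence long enough for the mapping to have expired, or an address change
            # mid-session: do not carry the old secret over to the new address.
            self.sessions.pop(secret_id)
            return "rekey"
        self.sessions[secret_id] = (addr, now)
        return "ok"


def run_scenario():
    nat, srv, inside = Nat(), Server(), ("192.168.1.20", 5000)
    results, t = [], 0.0
    srv.handshake("s1", nat.outbound(inside, t), t)
    for t in (1.0, 5.0, 20.0):  # active conversation: same mapping, same secret
        results.append(srv.receive("s1", nat.outbound(inside, t), t))
    t = 100.0  # long silence: NAT binding expired, client appears on a new public port
    results.append(srv.receive("s1", nat.outbound(inside, t), t))
    return results  # ['ok', 'ok', 'ok', 'rekey']
```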