3.1.5.1.3 CONNECTED_SIGNED

If the bExtOpcode field indicates FRAME_EXOPCODE_CONNECTED_SIGNED (0x03), the source address (for example, IPv4 address and port type when running on UDP) for the message is checked.

If the source address matches that of a previously initiated outbound connection that has not completed the handshake process, the dwSessID field MUST match that of the previously sent CONNECT packet, and the PACKET_COMMAND_POLL flag MUST be set in the bCommand field before the packet can be accepted. The dwSigningOpts field MUST have either the PACKET_SIGNING_FAST or the PACKET_SIGNING_FULL flag set, but not both, and the one set MUST exactly match the connector's desired signing mode. If the connector did not intend to use signing, this signed response SHOULD be ignored. Otherwise, the connection SHOULD be considered established, random sender and receiver signing secrets SHOULD be generated, and a CONNECTED_SIGNED response SHOULD be sent to confirm this connection. This CONNECTED_SIGNED response MUST NOT set the PACKET_COMMAND_POLL flag. A reliable KeepAlive DFRAME MUST also then be scheduled to ensure that the remote side that did not allocate resources yet is prompted to complete the connection establishment if the CONNECTED_SIGNED response is dropped.

If the source address matches that of a previously initiated inbound connection that has not completed the handshake process, the dwSessID field MUST match that of the previously received CONNECT packet, and the PACKET_COMMAND_POLL flag MUST NOT be set in the bCommand field before the packet can be accepted. If the connector is not using signing, this confirmation SHOULD be ignored. Lastly, the ullConnectSig cookie signature field SHOULD be validated to ensure that the sender saw the previous CONNECTED_SIGNED packet. If the signature is not valid, the packet MUST be ignored. Otherwise, the connection SHOULD be allocated and considered established, and the sender and receiver secrets provided SHOULD be saved. A reliable KeepAlive DFRAME SHOULD also be scheduled to immediately update round-trip time (RTT) measurements.

If the source address matches that of a previously established connection, and the dwSessID field does not match the one that was used to establish the connection, or the PACKET_COMMAND_POLL flag is not set, or the client is not intending to use signing, this packet MUST be ignored. Otherwise, a duplicate CONNECTED_SIGNED confirmation SHOULD be sent.

If the source address does not match any existing connection, the packet SHOULD be ignored. Note that if the implementation does not allocate resources when receiving the first CONNECT packet, the CONNECTED_SIGNED packets intended for previously initiated inbound connections that have not completed the handshake process would thus not match any existing connection. The ullConnectSig cookie field is used to determine whether this is the case, and if the cookie and thus the source address is validated, it SHOULD be handled as previously described.

This specification does not prescribe any particular method for generating or validating ullConnectSig cookies. If the implementation is set to use this field, it SHOULD incorporate the sender's source address (for example, the IP address and port for a UDP transport provider), the dwSessID value, and a time-dependent secret that only the listener knows and that uses a cryptographically secure algorithm that makes it difficult to guess.
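The following is an added example, not code from the specification or from any DirectPlay implementation, that puts the four address-matching cases above and the ullConnectSig guidance into one receive-side handler. The flag names come from this section, but their bit values (PACKET_COMMAND_POLL, PACKET_SIGNING_FAST, PACKET_SIGNING_FULL), the 60-second cookie rotation interval, the 32-byte signing secrets and the helper names are assumptions made for the example. The cookie is a keyed HMAC over the sender's address and port, the dwSessID, and a coarse time bucket, so a listener can keep no state at all until a cookie validates.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import Optional

FRAME_EXOPCODE_CONNECTED_SIGNED = 0x03   # value stated in the section
# ASSUMED bit values: the section names these flags but does not give their encodings.
PACKET_COMMAND_POLL = 0x08
PACKET_SIGNING_FAST = 0x00000001
PACKET_SIGNING_FULL = 0x00000002
COOKIE_BUCKET_SECONDS = 60               # ASSUMED rotation interval for the cookie's time input


@dataclass
class ConnectedSigned:
    """Fields of a received CONNECTED_SIGNED packet that the handler inspects; src is (ip, port)."""
    src: tuple
    bCommand: int
    bExtOpcode: int
    dwSessID: int
    dwSigningOpts: int
    ullConnectSig: int
    sender_secret: bytes = b""
    receiver_secret: bytes = b""


@dataclass
class Connection:
    state: str            # "outbound_pending", "inbound_pending" or "established"
    dwSessID: int
    signing: int          # 0 (no signing), PACKET_SIGNING_FAST or PACKET_SIGNING_FULL
    sender_secret: Optional[bytes] = None
    receiver_secret: Optional[bytes] = None


def make_connect_sig(listener_secret: bytes, src: tuple, dwSessID: int, now: float,
                     bucket: Optional[int] = None) -> int:
    """Stateless 64-bit ullConnectSig: HMAC-SHA256 over source address, port, session ID
    and a time bucket, keyed with a secret only the listener holds (first 8 bytes used)."""
    if bucket is None:
        bucket = int(now) // COOKIE_BUCKET_SECONDS
    msg = src[0].encode() + struct.pack("<HIQ", src[1], dwSessID, bucket)
    mac = hmac.new(listener_secret, msg, hashlib.sha256).digest()
    return struct.unpack("<Q", mac[:8])[0]


def verify_connect_sig(listener_secret: bytes, src: tuple, dwSessID: int, sig: int, now: float) -> bool:
    """Accept the current and the previous bucket so a reply straddling a rotation still
    validates; compare in constant time so timing does not leak which bytes matched."""
    bucket = int(now) // COOKIE_BUCKET_SECONDS
    given = struct.pack("<Q", sig)
    for b in (bucket, bucket - 1):
        expected = struct.pack("<Q", make_connect_sig(listener_secret, src, dwSessID, now, bucket=b))
        if hmac.compare_digest(given, expected):
            return True
    return False


def handle_connected_signed(conns: dict, pkt: ConnectedSigned, listener_secret: bytes,
                            listener_signing: int, now: float) -> str:
    """Dispatch on the sender's address as the four paragraphs above describe.
    Returns a short action name; connection state changes are applied to `conns`."""
    if pkt.bExtOpcode != FRAME_EXOPCODE_CONNECTED_SIGNED:
        return "not_connected_signed"
    poll = bool(pkt.bCommand & PACKET_COMMAND_POLL)
    conn = conns.get(pkt.src)

    if conn is None:
        # Nothing was allocated on CONNECT: only a valid cookie identifies this packet as
        # the completion of our own inbound handshake; anything else is ignored.
        if not verify_connect_sig(listener_secret, pkt.src, pkt.dwSessID, pkt.ullConnectSig, now):
            return "ignore"
        conn = Connection("inbound_pending", pkt.dwSessID, listener_signing)

    if conn.state == "outbound_pending":
        if pkt.dwSessID != conn.dwSessID or not poll:
            return "ignore"
        mode = pkt.dwSigningOpts & (PACKET_SIGNING_FAST | PACKET_SIGNING_FULL)
        if mode not in (PACKET_SIGNING_FAST, PACKET_SIGNING_FULL) or mode != conn.signing:
            return "ignore"   # both flags, neither flag, or a mode we did not ask for (incl. no signing)
        conn.sender_secret = secrets.token_bytes(32)
        conn.receiver_secret = secrets.token_bytes(32)
        conn.state = "established"
        conns[pkt.src] = conn
        # Caller sends CONNECTED_SIGNED with POLL clear and schedules a reliable KeepAlive DFRAME.
        return "established_outbound"

    if conn.state == "inbound_pending":
        if pkt.dwSessID != conn.dwSessID or poll or conn.signing == 0:
            return "ignore"
        if not verify_connect_sig(listener_secret, pkt.src, pkt.dwSessID, pkt.ullConnectSig, now):
            return "ignore"
        conn.sender_secret = pkt.sender_secret      # secrets chosen by the peer are stored
        conn.receiver_secret = pkt.receiver_secret
        conn.state = "established"
        conns[pkt.src] = conn
        return "established_inbound"                 # caller schedules a KeepAlive for RTT

    # Established: only a well-formed duplicate from a signing peer gets a repeated confirmation.
    if pkt.dwSessID != conn.dwSessID or not poll or conn.signing == 0:
        return "ignore"
    return "resend_connected_signed"
```

The handler deliberately returns an action name rather than sending anything itself, so the transport and timer scheduling stay outside the state logic and the four branches can be exercised one at a time. Binding the cookie to the source address and dwSessID means a cookie captured from one handshake cannot complete a different one, and the time bucket limits how long any captured cookie stays valid.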