discv5: include plain id-nonce into HANDSHAKE packet
This issue is a proposal to bring back the plain id-nonce in the HANDSHAKE packet. The id-nonce is sent by the remote peer in a WHOAREYOU packet during the handshake process.
In discv5.1 this field has been removed from the HANDSHAKE.
Rationale
A plain id-nonce allows a sanity check on whether the remote peer took the WHOAREYOU packet into account (received and parsed it) before sending HANDSHAKE.
One may send the same packet twice (with some timeout) to trigger signature verification. The first message is treated as a random packet and initiates the handshake with an egress WHOAREYOU message. The second message arrives disregarding the WHOAREYOU that was sent, is treated as HANDSHAKE, and triggers signature verification.
A worse attack scenario could be played out with the help of a relatively cheap spoofed VPS. One may constantly send the same pair of messages from multiple identities in parallel (DDoS), causing multiple signature verifications at a time.
Solution
An optimal solution from @fjl that does not increase the size of the HANDSHAKE:
there is a good way to address this without increasing the handshake packet size even more: just replace the src-id with id-nonce.
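A receiver-side sketch of the check this proposal enables, added here as an illustration and not taken from the issue or from any discv5 implementation: the echoed id-nonce is compared against the outstanding WHOAREYOU challenge before any signature verification runs. The `Handshake` and `Session` types are hypothetical simplifications of the wire format, ed25519 stands in for the secp256k1 signature discv5 uses, and the endpoint string is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Handshake is a hypothetical, simplified HANDSHAKE that echoes the plain id-nonce.
type Handshake struct {
	IDNonce []byte            // nonce echoed from the WHOAREYOU challenge
	PubKey  ed25519.PublicKey // sender identity key (ed25519 as a stand-in)
	Sig     []byte            // signature over the id-nonce
}

// Session tracks outstanding challenges per remote endpoint.
type Session struct {
	pending map[string][]byte // endpoint -> id-nonce sent in WHOAREYOU
	Verifs  int               // signature verifications actually performed
}

func NewSession() *Session { return &Session{pending: map[string][]byte{}} }

// Challenge records a fresh id-nonce for the endpoint (the WHOAREYOU step).
func (s *Session) Challenge(endpoint string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[endpoint] = nonce
	return nonce
}

// Accept does the cheap nonce comparison first; the signature is only verified
// for a sender that demonstrably received our WHOAREYOU.
func (s *Session) Accept(endpoint string, h Handshake) bool {
	want, ok := s.pending[endpoint]
	if !ok || subtle.ConstantTimeCompare(want, h.IDNonce) != 1 {
		return false // no crypto spent; the pending challenge stays valid
	}
	delete(s.pending, endpoint) // a challenge is single-use
	s.Verifs++
	return len(h.PubKey) == ed25519.PublicKeySize && ed25519.Verify(h.PubKey, h.IDNonce, h.Sig)
}

func main() {
	s, stale := NewSession(), make([]byte, 32) // constructed nonce that ignores our challenge
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s.Challenge("198.51.100.7:30303")
	fmt.Println(s.Accept("198.51.100.7:30303", Handshake{stale, pub, ed25519.Sign(priv, stale)}), s.Verifs)
}
```

A mismatched nonce deliberately leaves the pending challenge in place, so a spoofed packet cannot cancel a legitimate peer's handshake.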