[noise] recent changes about decryption failure

Jason A. Donenfeld Jason at zx2c4.com
Thu Mar 10 08:04:57 PST 2016


I just saw this:

+associated data. If a decryption error occurs the session has failed and the
+`CipherState` objects are deleted without sending or receiving further
+messages.
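Review bot: the added sentence makes deletion of the `CipherState` objects unconditional on any decryption error, which over a datagram transport such as UDP turns a single forged or wire-corrupted packet into termination of the whole session, i.e. a denial of service against the peer. Consider distinguishing a rejected message (discard it; the `CipherState` and its nonce stay as they were) from a failed session, or stating that whether a failure tears the session down is the transport's or application's decision rather than a requirement of the spec.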

I'm not sure this is good behavior. I'm using Noise over UDP. If the
decryption fails, it means the packet wasn't legitimate and can be
dropped. But I don't want to kill the entire session because of this.
Otherwise it'd be a nasty DoS. Furthermore, packets are sometimes
corrupted on the wire. This means that the session is more or less
randomly deleted upon this corruption.
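The two behaviours under discussion, as an added example that is not code from the Noise spec or from this post: a minimal AES-256-GCM CipherState using the Noise nonce encoding, where each datagram carries its 64-bit counter in the clear as authenticated associated data (an assumption of this example, not part of the quoted spec text) so the receiver can derive the nonce of each packet on its own. Under the policy the quoted text prescribes, one flipped bit on the wire ends the session; under the drop-packet policy described above the corrupted datagram is discarded and the next one still decrypts. The demo key and the three datagrams are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Policy selects what a failed decryption does to the session.
type Policy int

const (
	KillSession Policy = iota // quoted spec text: delete the CipherState on the first error
	DropPacket                // discard the offending datagram and keep the session alive
)

var (
	ErrSessionDead = errors.New("session terminated by an earlier failure")
	ErrBadPacket   = errors.New("packet dropped: authentication failed")
	ErrReplay      = errors.New("packet dropped: counter not newer than last accepted")
)

// CipherState is a minimal Noise-style cipher state over AES-256-GCM: the key
// (held as the AEAD) plus a 64-bit counter n that serves as the nonce.
type CipherState struct {
	aead   cipher.AEAD // nil once the session has been killed
	n      uint64      // sender: next counter to use; receiver: highest accepted + 1
	policy Policy
}

func NewCipherState(key []byte, p Policy) (*CipherState, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	return &CipherState{aead: aead, policy: p}, nil
}

// nonceBytes encodes n as Noise's AESGCM cipher does: 32 zero bits followed
// by the counter as a 64-bit big-endian integer.
func nonceBytes(n uint64) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], n)
	return nonce
}

// Seal builds a datagram: 8-byte counter || ciphertext || tag. Sending the counter
// in the clear is an assumption of this example (Noise keeps nonces implicit); it lets
// the receiver derive each nonce independently, so a lost datagram does not desync the
// stream. The header is bound to the ciphertext as associated data.
func (cs *CipherState) Seal(plaintext []byte) []byte {
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, cs.n)
	ct := cs.aead.Seal(nil, nonceBytes(cs.n), plaintext, hdr)
	cs.n++
	return append(hdr, ct...)
}

// Open authenticates and decrypts one datagram. The counter advances only on success,
// so a rejected packet leaves the receiver exactly as it was.
func (cs *CipherState) Open(pkt []byte) ([]byte, error) {
	if cs.aead == nil { return nil, ErrSessionDead }
	if len(pkt) < 8+cs.aead.Overhead() { return nil, ErrBadPacket } // no room for header + tag
	n := binary.BigEndian.Uint64(pkt[:8])
	if n < cs.n { return nil, ErrReplay } // monotonic check; a sliding window would tolerate reordering
	pt, err := cs.aead.Open(nil, nonceBytes(n), pkt[8:], pkt[:8])
	if err != nil {
		if cs.policy == KillSession { cs.aead = nil } // delete the key material, as the quoted text requires
		return nil, ErrBadPacket
	}
	cs.n = n + 1
	return pt, nil
}

// Simulate sends three datagrams, flips one bit of the second in transit (constructed
// scenario), and reports each receive as "ok", "dropped", "killed" or "dead".
func Simulate(p Policy) ([]string, error) {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not for real use
	tx, err := NewCipherState(key, p)
	if err != nil { return nil, err }
	rx, _ := NewCipherState(key, p) // same key and policy; cannot fail if tx did not
	pkts := [][]byte{tx.Seal([]byte("first")), tx.Seal([]byte("second")), tx.Seal([]byte("third"))}
	pkts[1][len(pkts[1])-1] ^= 0x01 // wire corruption: one bit of the tag flipped
	var out []string
	for _, pkt := range pkts {
		_, err := rx.Open(pkt)
		switch {
		case err == nil: out = append(out, "ok")
		case err == ErrSessionDead: out = append(out, "dead")
		case rx.aead == nil: out = append(out, "killed")
		default: out = append(out, "dropped")
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Simulate(KillSession)) // [ok killed dead] <nil>
	fmt.Println(Simulate(DropPacket))  // [ok dropped ok] <nil>
}
```

The replay check is deliberately the simplest monotonic one; a real datagram receiver would keep a sliding window so that reordered packets are not discarded along with replayed ones, but that is independent of the question of what a decryption failure should do to the session.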