[noise] Session identifiers
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Apr 19 13:40:16 PDT 2016
On Tue 2016-04-19 00:37:28 -0400, Rhys Weatherley wrote:
> The signature is secret. What is being signed (the session identifier) is
> not. Paranoia again. Knowing what is signed, combined with timing
> information, might pry open the signing key.
As Trevor has already commented, fears about known signatures putting
the signing key at risk are a sign that something else is severely
broken with any digital signature scheme.
That said, there is still a good reason for people to want their
signatures to be secret: usually, you only want to identify yourself to
the remote party in the communication, and not to any casual network
observer.
--dkg
More information about the Noise
mailing list