[noise] Hidden fallback
Rhys Weatherley
rhys.weatherley at gmail.com
Sat Apr 23 18:01:29 PDT 2016
On Sun, Apr 24, 2016 at 10:43 AM, Alex <alex at centromere.net> wrote:
> I fear that your changes would emulsify the protocol stack. By making
> the protocol say, "Perform EncryptAndHash(payload) for all tokens
> EXCEPT this one", it adds special cases and exceptions that make the
> code more complex and more difficult to audit.
>
Fair enough. A proper payload can be included on the first packet but if
fallback occurs then the MAC value cannot be verified and the contents
cannot be decrypted by the responder. I thought it would be easier to
forbid the non-decryptable payload completely but perhaps not.
The higher layers of the protocol stack still need to be able to recognize
"did not decrypt: ignore this payload and continue" so I'm not sure that it
would eliminate the special case handling completely.
Cheers,
Rhys.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160424/0261ef66/attachment.html>
More information about the Noise
mailing list