[noise] Extra key derivation - use cases, mechanisms
alex at centromere.net
alex at centromere.net
Thu Jan 19 07:01:27 PST 2017
On 2017-01-19 05:49, Trevor Perrin wrote:
> We've had a few discussions about deriving extra keys for various
> uses. I'll try to collect the use cases and some options:
>
> Use cases for extra keys
> -------------------------
>
> (1) REKEY: During the transport phase, the application might want to
> replace an old k with new k such that compromise of new k doesn't
> compromise old k.
>
Could this legitimately be called "forward secrecy"?
If the adversary compromises the first/oldest k, you're completely SOL,
right?
> (2) PSK for renegotiation/resumption: A key derived from an old
> session could be used as PSK in a new handshake either contained
> within the original session (renegotiation) or some time later
> (resumption).
>
What exactly is the difference between renegotiation and resumption?
Does the former require one or more DH operations while the latter
requires zero?
More information about the Noise
mailing list