[noise] XXfallback: es vs se
Trevor Perrin
trevp at trevp.net
Sat Jan 28 14:27:38 PST 2017
On Sat, Jan 28, 2017 at 2:37 AM, Scratch <scra tch.net at gmail.com> wrote:
> I was implementing XXfallback pattern for Go and it took longer than
> expected because of 2 things that I'd like to mention
>
> 1) It's totally unclear that from the point of view of responder (ex
> initiator) who composes the last mesage the last token is actually se,
> not es.
I agree, the way we reverse the initiator and responder roles for the
fallback pattern is hard to read.
(It's similarly confusing to how we previously interpreted the tokens
from the sender's perspective. We fixed that by changing the token
interpretation so "se" no longer means sender's static, but always
means initiator's static, which is one reason it's confusing to look
at older libraries like screech).
It would be better if we could write the fallback pattern as:
Noise_XX(s, rs):
-> e
<- e, ee, s, es
-> s, se
Noise_XXfallback(s, rs, re):
-> e
...
<- e, ee, s, es
-> s, se
But we'll need to tweak the text somehow to allow that (currently, the
first message after the pre-messages indicates initiator, with
right-pointing arrow).
That's a good change for a next revision, if someone wants to figure
out to allow that and submit a PR.
> 2) Also took me a while to find out that in case PSK exists we should
> also pre-mix e into key. My bad, but I'd add a reference to it to
> XXfallback description
OK, I'll think how to clarify that (PRs welcome here, too).
Trevor
More information about the Noise
mailing list