<div dir="ltr"><a href="https://noiseexplorer.com/patterns/XK/E.html">https://noiseexplorer.com/patterns/XK/E.html</a> <br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><br></div><div dir="ltr">Nadim Kobeissi<div>Symbolic Software <span style="color:rgb(84,84,84);font-size:small">• <a href="https://symbolic.software" target="_blank">https://symbolic.software</a></span></div><div><span style="color:rgb(84,84,84);font-size:small">Sent from office</span></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 30, 2019 at 6:07 AM david wong <<a href="mailto:davidwong.crypto@gmail.com">davidwong.crypto@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Oh right! The payload authenticates the handshake. <br>
<br>
I suggest a payload token!<br>
<br>
David<br>
<br>
> On Apr 29, 2019, at 8:56 PM, Trevor Perrin <<a href="mailto:trevp@trevp.net" target="_blank">trevp@trevp.net</a>> wrote:<br>
> <br>
>> On Mon, Apr 29, 2019 at 6:22 PM david wong <<a href="mailto:davidwong.crypto@gmail.com" target="_blank">davidwong.crypto@gmail.com</a>> wrote:<br>
>> <br>
>> I think my brain is farting, but shouldn't XK's last message provide a 4 in dest payload security?<br>
> <br>
> I think the spec is right (5).<br>
> <br>
> <br>
>> You can send your own e as the server's response and the client's last handshake payload will have weak forward secrecy<br>
> <br>
> Forging the responder(server)'s response requires knowledge of either<br>
> the responder's static private key or the initiator's ephemeral<br>
> private key.<br>
> <br>
> In the messages marked 5 the sender has authenticated the recipient's<br>
> ephemeral using their own (sender) ephemeral and the recipient's<br>
> static key, so there are no "weak forward secrecy" issues.<br>
> <br>
> <br>
> Trevor<br>
_______________________________________________<br>
Noise mailing list<br>
<a href="mailto:Noise@moderncrypto.org" target="_blank">Noise@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/noise" rel="noreferrer" target="_blank">https://moderncrypto.org/mailman/listinfo/noise</a><br>
</blockquote></div>
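<div>The forging argument in the quoted reply can be checked with a small symbolic model. This is an added example, not code from the thread or from the Noise project; it assumes a DH output can only be computed by someone holding one of its two private keys, and the labels <code>ie</code>, <code>is</code>, <code>re</code>, <code>rs</code> and all function names are made up for this sketch. XN (XK without the responder's static key) is included for contrast.</div>

```python
from itertools import combinations

# Message patterns as written in the Noise spec. XK's pre-message "<- s"
# carries no DH token, so it is left out of this model.
XK = [["e", "es"], ["e", "ee"], ["s", "se"]]
XN = [["e"], ["e", "ee"], ["s", "se"]]

# Assumed labels: initiator/responder ephemeral/static private keys.
HONEST_KEYS = ["ie", "is", "re", "rs"]


def dh_tokens(pattern, n):
    """DH tokens mixed into the key that protects the payload of message n."""
    return [t for msg in pattern[:n] for t in msg if len(t) == 2]


def owners(token):
    """Private keys that can each compute the token: 'es' -> ('ie', 'rs')."""
    return ("i" + token[0], "r" + token[1])


def can_forge(pattern, n, known, substituted):
    """True if a party that knows the honest private keys in `known`, and
    that puts its own key in the `substituted` slot, can derive the key
    for message n's payload (every DH token must be computable)."""
    have = set(known) | {substituted}
    return all(have & set(owners(t)) for t in dh_tokens(pattern, n))


def minimal_forging_sets(pattern, n, substituted):
    """Smallest sets of honest private keys that make the forgery possible."""
    candidates = [k for k in HONEST_KEYS if k != substituted]
    found = []
    for size in range(len(candidates) + 1):
        for combo in combinations(candidates, size):
            s = set(combo)
            minimal = not any(f <= s for f in found)
            if minimal and can_forge(pattern, n, s, substituted):
                found.append(s)
    return found


if __name__ == "__main__":
    # Message 2 with the responder's ephemeral ("re") swapped for another key.
    print("XK msg 2:", minimal_forging_sets(XK, 2, "re"))
    print("XN msg 2:", minimal_forging_sets(XN, 2, "re"))
```

An empty set in the result means no honest private key is needed; for XK the `es` token is what rules that out.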