[noise] Hidden fallback

Rhys Weatherley rhys.weatherley at gmail.com
Sat Apr 23 18:01:29 PDT 2016

On Sun, Apr 24, 2016 at 10:43 AM, Alex <alex at centromere.net> wrote:

> I fear that your changes would emulsify the protocol stack. By making
> the protocol say, "Perform EncryptAndHash(payload) for all tokens
> EXCEPT this one", it adds special cases and exceptions that make the
> code more complex and more difficult to audit.

Fair enough.  A proper payload can be included on the first packet but if
fallback occurs then the MAC value cannot be verified and the contents
cannot be decrypted by the responder.  I thought it would be easier to
forbid the non-decryptable payload completely but perhaps not.

The higher layers of the protocol stack still need to be able to recognize
"did not decrypt: ignore this payload and continue" so I'm not sure that it
would eliminate the special case handling completely.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160424/0261ef66/attachment.html>

More information about the Noise mailing list