[noise] Revision 32 draft (march 30)
rhys.weatherley at gmail.com
Sat Apr 1 14:43:28 PDT 2017
Sorry about the partial message. Darn email client.
On Fri, Mar 31, 2017 at 11:40 AM, Trevor Perrin <trevp at trevp.net> wrote:
> * Rekey capability:
> - Encryption with MAXNONCE is used to rekey by default, though we
> allow definition of a more specialized rekey for ciphers like
> AESGCM-SIV where we'd rather use the cipher key directly with AES,
> instead of going through the whole key-derivation / SIV process.
> - Up to application if/when/how to use this.
> - Would still like to analyze more, but this is probably good .
REKEY() looks good. The only nitpick I have is with "returns a new 32-byte
cipher key". I think in the next revision we should consider adding KEYLEN
and MACLEN constants to the Noise specification. Right now it is
hard-wired for 256-bit keys and 128-bit MAC's, but that assumption may not
hold forever. Consider:
That is, 512-bit Threefish in EAX mode. KEYLEN = MACLEN = 64 (MACLEN may
be truncated, but not necessarily only to 16).
Eventually we'll have to think about larger key and MAC sizes. Then
REKEY() becomes "returns a new KEYLEN-byte cipher key".
That's all I have for now - the other changed sections look A-OK.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Noise