[noise] rev34 draft
Trevor Perrin
trevp at trevp.net
Mon Apr 9 22:29:35 PDT 2018
On Mon, Apr 9, 2018 at 8:13 PM, Justin Cormack
<justin at specialbusservice.com> wrote:
>
> A brief changelog alongside the spec would be helpful.
I'll add that when I find the time.
> It's marked official/stable in the html and pdf outputs.
Fixed.
One small change I forgot to mention: I removed the reference to KEA+
as originating the idea of hashing identity information into session
keys. I did a little research (prompted by Douglas Stebila) and
realized the idea of hashing identifiers into session keys for UKS
resistance was well-known substantially before KEA+, e.g. from Colin
Boyd's 2003 book:
"A general method to ensure that unknown key-share attacks do not
apply is to include both principal identities within the key
derivation function."
Or from the original paper on UKS by Blake-Wilson and Menezes in 1999:
"Instead of including the identities of the entities in the signed
message, one could include them in the key derivation function".
Trevor
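
The countermeasure quoted above (putting both principal identities into the key derivation function), as an added example that is not part of the original message and is not the Noise specification's construction. The identity names, the `info` label and the stand-in shared secret are constructed for illustration; the HKDF follows RFC 5869 with an all-zero salt.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256 and an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def encode_ids(initiator: bytes, responder: bytes) -> bytes:
    """Length-prefix each identity so ("ab", "c") and ("a", "bc") differ."""
    return b"".join(len(x).to_bytes(2, "big") + x
                    for x in (initiator, responder))

def session_key(shared: bytes, initiator: bytes, responder: bytes,
                bind_identities: bool) -> bytes:
    info = b"example-session-key"  # hypothetical label
    if bind_identities:
        info += encode_ids(initiator, responder)
    return hkdf_sha256(shared, info)

def uks_scenario(bind_identities: bool) -> bool:
    """Both sides hold the same shared secret but disagree about who the
    initiator is. Returns True if they still derive the same session key,
    i.e. the unknown key-share goes unnoticed."""
    # Constructed stand-in for the key-agreement output both sides computed.
    shared = hashlib.sha256(b"constructed DH output").digest()
    # Alice's view: she is the initiator, talking to bob.
    k_alice = session_key(shared, b"alice", b"bob", bind_identities)
    # Bob's view: he believes the initiator is eve.
    k_bob = session_key(shared, b"eve", b"bob", bind_identities)
    return hmac.compare_digest(k_alice, k_bob)

if __name__ == "__main__":
    print("keys match without identities:", uks_scenario(False))
    print("keys match with identities:   ", uks_scenario(True))
```

With identities bound into the derivation, the disagreement about the peer shows up as mismatched keys, so the first authenticated message fails instead of being silently accepted.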