[noise] Noise Explorer
Trevor Perrin
trevp at trevp.net
Fri May 25 02:04:19 PDT 2018
On Thu, May 24, 2018 at 5:30 PM, Nadim Kobeissi <nadim at symbolic.software> wrote:
>
> Observe message C in the following two results:
>
> https://noiseexplorer.com/patterns/KN.noise.html
> https://noiseexplorer.com/patterns/IK.noise.html
>
> In IK, message C is resistant to key compromise impersonation even if its
> sender (the initiator) negotiates a separate session in parallel with a
> compromised principal Charlie, who is controlled by the attacker
> unbeknownst to the sender.
>
> In KN, message C is also resistant to key compromise impersonation, but
> unlike message C in IK, this property does not hold if Charlie also enters
> the fray in a similar manner.
Sorry, I'm not following this. There's an obvious difference between
message C in KN and IK, which the Noise spec captures with
confidentiality property #1 vs #5.
Do you mean something different from these properties #1 and #5? I'm
not sure how to interpret "KCI-resistance" for message C of KN,
because this message is being sent to a recipient who doesn't have a
static key to compromise.
This is complicated, if you were able to explain it really slowly and
clearly it would help me, and maybe others.
Trevor
More information about the Noise
mailing list