[noise] Draft extension: Ephemeral key obfuscation
Justin Cormack
justin at specialbusservice.com
Mon May 28 07:43:12 PDT 2018
On Mon, 28 May 2018, 15:15 str4d, <str4d at i2pmail.org> wrote:
>
> My understanding of psk in Noise was that it is intended to be a secret
> known only to a specific (initiator, responder) pair. That precludes the
> use case where the initiator looks up the connection info for the
> responder in e.g. a public DHT (requiring psk0 to be a public value used
> by all initiators). If my understanding is incorrect, then this would
> definitely be an interesting alternative proposal (at the cost of extra
> bytes per handshake message for the additional per-ephemeral nonce).
>
No there are notes in the spec about using an all 0 psk as a placeholder
for example and the reason for allowing multiple psk and different
placement is to allow them to depend on various different things that
become available at different times. Using an additional psk0 that is
public should be fine I would think.
The handshake cost may not exist if you are padding handshakes anyway.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180528/1100bb38/attachment.html>
More information about the Noise
mailing list