[noise] Draft extension: Authentication of handshake data between messages
str4d
str4d at i2pmail.org
Tue May 29 00:24:52 PDT 2018
On 05/29/2018 06:28 AM, Trevor Perrin wrote:
> Interesting, this feels similar to PSKs to me - PSKs are a way to
> inject external keys, and this would be a way to inject external
> handshake transcript.
Mmm, that's a nice analogy.
>
> I think we'd want this included in modifiers, not arbitrarily called
> by the application. Currently the protocol name precisely specifies
> the sequence of MixHash/MixKey crypto steps. That's important to
> avoid cross-protocol attacks, so if we're going to modify the crypto
> steps we should reflect that precisely in the protocol name, via
> modifiers.
Makes sense.
>
> I wonder whether the "psk?" modifier approach could be directly
> adapted, i.e. if we had an "h?" modifier where you could specify h0,
> h1, h2, etc just like psk0, psk1, etc, would that suffice? Or maybe
> you'd want more flexible placement?
I think this might suffice. I'll try implementing this in snow and see
if it can be made exactly compatible with my existing protocol
implementation.
str4d
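
The point quoted above, that the protocol name pins down the MixHash sequence, shown as an added example that is not part of the original message or of any Noise implementation. It is a transcript-only model (no DH or MixKey); the "h0" modifier name, the step roles and all byte values are hypothetical or constructed.

```python
import hashlib

HASHLEN = 32  # SHA-256 output length

def initialize_symmetric(protocol_name: bytes) -> bytes:
    # Noise InitializeSymmetric: names up to HASHLEN bytes are zero-padded,
    # longer names are hashed. The result is the initial handshake hash h.
    if len(protocol_name) <= HASHLEN:
        return protocol_name.ljust(HASHLEN, b"\x00")
    return hashlib.sha256(protocol_name).digest()

def mix_hash(h: bytes, data: bytes) -> bytes:
    # Noise MixHash: h = HASH(h || data)
    return hashlib.sha256(h + data).digest()

def transcript_hash(protocol_name: bytes, prologue: bytes, steps) -> bytes:
    # Each step is (role, data). Only the bytes reach the hash; the role the
    # application assigned to them is not part of h.
    h = mix_hash(initialize_symmetric(protocol_name), prologue)
    for _role, data in steps:
        h = mix_hash(h, data)
    return h

BASE = b"Noise_XK_25519_ChaChaPoly_SHA256"               # exactly 32 bytes
WITH_MODIFIER = b"Noise_XKh0_25519_ChaChaPoly_SHA256"    # hypothetical "h0" name
PROLOGUE = b"constructed-prologue"
RS = bytes([0x11]) * 32    # constructed stand-in for the responder static key
BLOB = bytes(range(32))    # constructed 32 bytes of external handshake data
E = bytes([0xAA]) * 32     # constructed stand-in for an ephemeral key

def compare() -> dict:
    # Application calls MixHash(BLOB) ad hoc; the protocol name is unchanged.
    ad_hoc = transcript_hash(BASE, PROLOGUE, [("rs", RS), ("external", BLOB), ("e", E)])
    # Another run under the same name where the same bytes play a different role.
    other = transcript_hash(BASE, PROLOGUE, [("rs", RS), ("payload", BLOB), ("e", E)])
    # Same steps, but the extra MixHash is declared in the protocol name.
    named = transcript_hash(WITH_MODIFIER, PROLOGUE, [("rs", RS), ("h0", BLOB), ("e", E)])
    return {
        "ad_hoc_collides": ad_hoc == other,       # h cannot tell the two apart
        "modifier_separates": named != ad_hoc,    # the name change moves h
    }

if __name__ == "__main__":
    print(compare())
```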