[noise] Draft extension: Authentication of handshake data between messages

Justin Cormack justin at specialbusservice.com
Sun Jun 3 01:33:39 PDT 2018


On Sun, 3 Jun 2018, 09:09 Trevor Perrin, <trevp at trevp.net> wrote:

> On Sun, Jun 3, 2018 at 7:23 AM, str4d <str4d at i2pmail.org> wrote:
> > On 05/29/2018 07:59 PM, str4d wrote:
> >> On 05/29/2018 06:28 AM, Trevor Perrin wrote:
> >>> I wonder whether the "psk?" modifier approach could be directly
> >>> adapted, i.e. if we had an "h?" modifier where you could specify h0,
> >>> h1, h2, etc just like psk0, psk1, etc, would that suffice?  Or maybe
> >>> you'd want more flexible placement?
> >>
> >> I think this might suffice. I'll try implementing this in snow and see
> >> if it can be made exactly compatible with my existing protocol
> >> implementation.
> >
> > It works! Here is the updated draft extension. The only change I needed
> > to make to my existing protocol implementation (after switching the my
> > branch of snow with this updated draft implemented) was to add the
> > modifiers h1 and h2 to the protocol name.
>
> Nice, glad that works for you!
>
> Looking at your draft text:  It might be more aligned with our
> existing tokens and modifiers if we allowed the "h" token to appear
> anywhere, and multiple times, even if the "h?" modifier was only able
> to place it at the end of messages.
>
> Our current tokens have a lot of flexibility in how they can be
> arranged, even though we've named only a small set of these
> arrangements via pattern names and modifiers.
>
> (We should probably also think more about potential use cases, and see
> if we want the modifier to be capable of more flexible token
> placement).
>

Would h0 be the same as prologue then? It would make existence of prologue
more explicit in that case.

Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180603/5809026d/attachment.html>


More information about the Noise mailing list