[noise] Question: Sending ee, es, se, ss more than once?
Ximin Luo
ximin at dfinity.org
Wed Jun 20 16:59:03 PDT 2018
How you respond to the resending should be made clear. I think it's
perfectly fine to resend anything more than once for reliability purposes,
as long as the endpoints can detect it and make the effect of receiving it
idempotent. In otherwords, the protocol state should not change after
receiving the same thing multiple times.
OTOH if you launch a new protocol instance after receiving the same thing
twice, or fork existing instances' state to respond to duplicate es/se
messages or whatever, that's obviously going to have security implications,
probably not good ones.
OTOH if you mean sending *different* e values and then mixing that into the
protocol state, that also has security implications. You could do it in a
way that maintains security but then I wonder what the point is.
X
On Sat, Jun 16, 2018 at 2:27 AM, Nadim Kobeissi <nadim at symbolic.software>
wrote:
> Hello everyone,
> I have a question which is not very important but still probably worth
> addressing for completeness.
>
> The Noise specification (in Section 7.1) specifically disallows sending
> `s` or `e` more than once by a single party, and this makes perfect sense.
> However, it does not seem to disallow sending `ee`, `es`, `se` or `ss` more
> than once.
>
> On the upside: I can't spot any security-related disadvantage (or benefit)
> that can arise from disallowing these tokens to be sent more than once.
>
> On the downside: Technically, this makes it so that Noise Handshake
> Patterns can have an infinitely long handshake phase, which I don't find
> useful or clean in terms of framework design.
>
> I hope this won't open way to a bike-shedding discussion. In my personal
> opinion, we should disallow sending these tokens more than once, unless
> there's something that I'm missing.
>
> Thank you,
>
> Nadim Kobeissi
> Symbolic Software • https://symbolic.software
> Sent from office
>
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180620/ae4d8893/attachment.html>
More information about the Noise
mailing list