[noise] Question: Sending ee, es, se, ss more than once?
Trevor Perrin
trevp at trevp.net
Thu Jun 21 08:42:58 PDT 2018
On Thu, Jun 21, 2018 at 9:36 AM, David Wong <davidwong.crypto at gmail.com> wrote:
> These tokens are not triggering any exchanges (unlike `s` and `e`).
> These are just telling you to do a Diffie-Hellman key exchange and to
> iterate the chaining key. Having them multiple times would just run
> the chaining key multiple times and has no real effect. I'd say common
> sense is enough and the spec doesn't need to mention this.
I agree the spec doesn't need to mention this, since repeating
operations in a handshake pattern would be harmless and have no
effect, and common sense would dictate not to do this.
However, the spec currently disallows sending a public key (s or e)
multiple times, "to simplify implementation and testing". The goal
there was preventing implementations from worrying about the special
case of overwriting an existing public key.
I think the rationale for precluding multiple operations is weaker,
since it doesn't normally appear as a special case in code so we
wouldn't be saving implementations any thought or effort.
OTOH, if we preclude redundant transmission of values, maybe it would
be consistent to also preclude redundant computations. So we could
add another validity rule for that, similar to #2.
Anyways, no strong opinion, but I could see adding another validity
rule for this, if we decide we want this.
Trevor
More information about the Noise
mailing list