[noise] Noise XK 5 should be a 4?
Trevor Perrin
trevp at trevp.net
Mon Apr 29 20:56:04 PDT 2019
On Mon, Apr 29, 2019 at 6:22 PM david wong <davidwong.crypto at gmail.com> wrote:
>
> I think my brain is farting, but shouldn't XK's last message provide a 4 in dest payload security?
I think the spec is right (5).
> You can send your own e as the server's response and the client's last handshake payload will have weak forward secrecy
Forging the responder(server)'s response requires knowledge of either
the responder's static private key or the initiator's ephemeral
private key.
In the messages marked 5 the sender has authenticated the recipient's
ephemeral using their own (sender) ephemeral and the recipient's
static key, so there's no "weak forward secrecy" issues.
Trevor
More information about the Noise
mailing list