[noise] Noise XK 5 should be a 4?
david wong
davidwong.crypto at gmail.com
Mon Apr 29 21:07:41 PDT 2019
Oh right! The payload authenticates the handshake.
I suggest a payload token!
David
> On Apr 29, 2019, at 8:56 PM, Trevor Perrin <trevp at trevp.net> wrote:
>
>> On Mon, Apr 29, 2019 at 6:22 PM david wong <davidwong.crypto at gmail.com> wrote:
>>
>> I think my brain is farting, but shouldn't XK's last message provide a 4 in dest payload security?
>
> I think the spec is right (5).
>
>
>> You can send your own e as the server's response and the client's last handshake payload will have weak forward secrecy
>
> Forging the responder(server)'s response requires knowledge of either
> the responder's static private key or the initiator's ephemeral
> private key.
>
> In the messages marked 5 the sender has authenticated the recipient's
> ephemeral using their own (sender) ephemeral and the recipient's
> static key, so there's no "weak forward secrecy" issues.
>
>
> Trevor
More information about the Noise
mailing list