[noise] Noise XK 5 should be a 4?
nadim at symbolic.software
Tue Apr 30 06:00:18 PDT 2019
Symbolic Software • https://symbolic.software
Sent from office
On Tue, Apr 30, 2019 at 6:07 AM david wong <davidwong.crypto at gmail.com>
> Oh right! The payload authenticates the handshake.
> I suggest a payload token!
> > On Apr 29, 2019, at 8:56 PM, Trevor Perrin <trevp at trevp.net> wrote:
> >> On Mon, Apr 29, 2019 at 6:22 PM david wong <davidwong.crypto at gmail.com>
> >> I think my brain is farting, but shouldn't XK's last message provide a
> 4 in dest payload security?
> > I think the spec is right (5).
> >> You can send your own e as the server's response and the client's last
> handshake payload will have weak forward secrecy
> > Forging the responder(server)'s response requires knowledge of either
> > the responder's static private key or the initiator's ephemeral
> > private key.
> > In the messages marked 5 the sender has authenticated the recipient's
> > ephemeral using their own (sender) ephemeral and the recipient's
> > static key, so there's no "weak forward secrecy" issues.
> > Trevor
> Noise mailing list
> Noise at moderncrypto.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Noise