Right, the issue he has is with @trevp__ 's NoiseIK -- https://noiseprotocol.org/noise.pdf Notably the only security analysis done on other aspects of the WireGuard protocol -- such as the Cookies and defense-in-depth design -- has been in the original NDSS paper.
Did you read that mailing list post? I've pasted it a few times here. The modification increases the number of non-droppable messages. It's not suitable for a real world WireGuard protocol. Kenny, Ben, and I discussed this and were in agreement.
-
-
I’m still convinced there’s an alternative tweak that wouldn’t increase the number of messages.
-
Without introducing signatures? Keeping it DH-only? Good luck. If you've got cryptographic advancements like this, I'm sure
@trevp__ and the Noise mailing list would be very interested to hear your suggestions. - 10 more replies
New conversation -
-
-
I'm not sure you can't get the property in two rounds without introducing signatures. Kristian Lauter seems to make this general claim in the KEA+ paper (see KEA+C). But if you are able to remove confirmation message requirement, great: you've contributed something useful.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.