Without introducing signatures? Keeping it DH-only? Good luck. If you've got cryptographic advancements like this, I'm sure @trevp__ and the Noise mailing list would be very interested to hear your suggestions.
Replying to @EdgeSecurity @tqbf and
I’m still not clear why the extra (Paterson) message flow can’t be a few extra bytes in the same message as the first normal record flow.
Replying to @matthew_d_green @tqbf and
Because it'd have to then be in every message, due to drops. Same problem as the original. It'd also hurt the MTU and make the state machine hugely more complicated. An additional mandatory message is not acceptable.
Replying to @EdgeSecurity @tqbf and
Wait, but the first transport message is “special” already, right? It includes a timestamp that the other messages don’t include? pic.twitter.com/mAinqjyUiZ
Replying to @matthew_d_green @EdgeSecurity and
I may be misreading this section. But if the first message is special and different from the other messages, how do you survive a drop of that message?
Replying to @matthew_d_green @tqbf and
Yes. The first message (I-->R) and second message (R-->I) are the special ones. Those can't be dropped. But if they do drop, then you just start over at the beginning. There's no complex state machine. No reply after timeout --> start protocol over.
Replying to @EdgeSecurity @matthew_d_green and
Adding a third mandatory message would entirely ruin that and blow up a simple rule into a series of complex state machine rules. Remember: the complexity of state machines rarely grows just linearly.
Replying to @EdgeSecurity @tqbf and
Is this section referring to the first message after the DH or the first message, period?
Replying to @EdgeSecurity @tqbf and
What is the timestamp encrypted under then?
ES, SS. Scroll down to section 5.4.2. Probably all of section 5.4 is worth reading and will answer questions you have about those particulars. There's also the Noise spec which is even more detailed. If it still seems vague, I'm also happy to do full-length emails or Hangouts.