NOTES: Remove unimplemented protocol negotiation
diff --git
a/NOTES
b/NOTES
index
6a245ec
..
33c010e
100644
(file)
--- a/
NOTES
+++ b/
NOTES
@@
-193,21
+193,18
@@
i? is appropriate index for receiver
Note that 'i' may be re-used from one session to the next, whereas 'n'
is always fresh.
Note that 'i' may be re-used from one session to the next, whereas 'n'
is always fresh.
-The protocol version selection stuff is not yet implemented: I'm not
-yet convinced it's a good idea. Instead, the initiator could try
-using its preferred protocol (which starts with a different magic
-number) and fall back if there's no reply.
+The protocol version selection stuff is not yet implemented.
Messages:
Messages:
-1) A->B: *,iA,msg1,A,B,
protorange-A,
nA
+1) A->B: *,iA,msg1,A,B,nA
-2) B->A: iA,iB,msg2,B,A,
chosen-protocol,
nB,nA
+2) B->A: iA,iB,msg2,B,A,nB,nA
(The order of B and A reverses in alternate messages so that the same
code can be used to construct them...)
(The order of B and A reverses in alternate messages so that the same
code can be used to construct them...)
-3) A->B: {iB,iA,msg3,A,B,
protorange-A,chosen-protocol,
nA,nB,g^x mod m}_PK_A^-1
+3) A->B: {iB,iA,msg3,A,B,nA,nB,g^x mod m}_PK_A^-1
If message 1 was a replay then A will not generate message 3, because
it doesn't recognise nA.
If message 1 was a replay then A will not generate message 3, because
it doesn't recognise nA.
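Review bot: The retained sentence "The protocol version selection stuff is not yet implemented." is left dangling, because this same hunk drops protorange-A and chosen-protocol from messages 1 to 3, so nothing in the message list refers to version selection any more. Either delete the sentence together with the fields, or reword it to say plainly that the handshake carries no version negotiation. If the fallback idea in the removed text (trying a preferred protocol with a different magic number) is still of interest, it would be better kept as a clearly marked design note than dropped silently.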
@@
-215,18
+212,11
@@
it doesn't recognise nA.
If message 2 was from an attacker then B will not generate message 4,
because it doesn't recognise nB.
If message 2 was from an attacker then B will not generate message 4,
because it doesn't recognise nB.
-If an attacker is trying to manipulate the chosen protocol, B can spot
-this when it sees A's message 3.
-
-4) B->A: {iA,iB,msg4,B,A,protorange-B,chosen-protocol,nB,nA,g^y mod m}_PK_B^-1
+4) B->A: {iA,iB,msg4,B,A,nB,nA,g^y mod m}_PK_B^-1
At this point, A and B share a key, k. B must keep retransmitting
message 4 until it receives a packet encrypted using key k.
At this point, A and B share a key, k. B must keep retransmitting
message 4 until it receives a packet encrypted using key k.
-A can abandon the exchange if the chosen protocol is not the one that
-it would have chosen knowing the acceptable protocol ranges of A and
-B.
-
5) A: iB,iA,msg5,(ping/msg5)_k
6) B: iA,iB,msg6,(pong/msg6)_k
5) A: iB,iA,msg5,(ping/msg5)_k
6) B: iA,iB,msg6,(pong/msg6)_k
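Review bot: The two paragraphs removed around message 4 were the only place this part of NOTES recorded how tampering with the negotiated protocol would be caught (B checking A's message 3, and A abandoning the exchange after message 4), and that depended on protorange-B and chosen-protocol sitting inside the signed {...}_PK_B^-1 body. Removing them is consistent with dropping the fields, but the commit message should say that any future negotiation needs the ranges and the choice back inside the signed messages 3 and 4, so the property is not lost when someone reintroduces the feature.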
@@
-251,10
+241,6
@@
some reason.
8) i?,i?,msg0,(send-packet/msg9,packet)_k
8) i?,i?,msg0,(send-packet/msg9,packet)_k
-Some messages may take a long time to prepare (software modexp on slow
-machines); this is a "please wait" message to indicate that a message
-is in preparation.
-
**** Other messages
9) i?,i?,NAK (NAK is encoded as zero)
**** Other messages
9) i?,i?,NAK (NAK is encoded as zero)
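Review bot: The "please wait" paragraph removed in this hunk is unrelated to protocol negotiation, which is all the commit title "Remove unimplemented protocol negotiation" covers. Either split this removal into its own commit or extend the message to mention it. The hunk also removes only the description and no numbered message line, so it is worth checking that no remaining part of NOTES still refers to a "please wait" message.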