[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] key exchanges

From: Christian Grothoff
Subject: Re: [GNUnet-developers] key exchanges
Date: Fri, 04 Sep 2015 18:24:58 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0

Dear Dominic,
Dear gnunet-hackers,

I've made an updated PDF summarizing Dominic's improved OTR/3DH
handshake (with the introduction of a signature, as per his paper), and
then illustrating the improved handshake Jeff and I have been discussing
(using *deniable* signatures). (Dominic, this is an updated version with
more details than the version I sent you before.)

To clarify how this relates to GNUnet, I'm thinking this might be useful
for a future iteration of the CORE/CADET protocols. While Dominic's
wildcard attack doesn't apply to GNUnet today, the notion that we might
not even want to give anyone undeniable signatures affirming our
intention to communicate, and also not disclose public keys of the
participants in the clear on the wire ever is quite nice (as are the
other features of Dominic's proposal, especially 'initiator
authenticates first', and 'protocol incompatibility = handshake failure
= initiator rejected').

Right now, GNUnet is "content-OTR": DH KX ensures that the contents are
deniable, but not all of the handshake itself (Bob could keep an
undeniable signature from Alice after taking with her; also, the public
keys of Bob and Alice do go in clear over the network.)  So getting rid
of those 'leaks' would be nice (to be clear, this was always by-design,
so this discussion is about improving the design, not hot-fixing some
terrible security problem).

There are a bunch of open questions for how to really integrate this
with GNUnet architecturally, but getting the mathematical part of the
handshake right is a nice initial goal; not to mention this might help
improve many other future protocols in this domain.

So happy reading, comments welcome!


On 08/18/2015 03:21 PM, Dominic Tarr wrote:
> hey,
> here is my hand shake paper:
> Any comments on the paper would be most appreciated.
> Dominic

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]