Dear Dominic, Dear gnunet-hackers,

I've made an updated PDF summarizing Dominic's improved OTR/3DH handshake (with the introduction of a signature, as per his paper), and then illustrating the improved handshake Jeff and I have been discussing (using *deniable* signatures). (Dominic, this is an updated version with more details than the version I sent you before.)

To clarify how this relates to GNUnet, I'm thinking this might be useful for a future iteration of the CORE/CADET protocols. While Dominic's wildcard attack doesn't apply to GNUnet today, the notion that we might not even want to give anyone undeniable signatures affirming our intention to communicate, and also not disclose public keys of the participants in the clear on the wire ever is quite nice (as are the other features of Dominic's proposal, especially 'initiator authenticates first', and 'protocol incompatibility = handshake failure = initiator rejected').

Right now, GNUnet is "content-OTR": DH KX ensures that the contents are deniable, but not all of the handshake itself (Bob could keep an undeniable signature from Alice after talking with her; also, the public keys of Bob and Alice do go in clear over the network). So getting rid of those 'leaks' would be nice (to be clear, this was always by-design, so this discussion is about improving the design, not hot-fixing some terrible security problem).

There are a bunch of open questions for how to really integrate this with GNUnet architecturally, but getting the mathematical part of the handshake right is a nice initial goal; not to mention this might help improve many other future protocols in this domain.

So happy reading, comments welcome!

Christian

On 08/18/2015 03:21 PM, Dominic Tarr wrote:
> hey,
>
> here is my hand shake paper:
>
> http://dominictarr.github.io/secret-handshake-paper/shs.pdf
>
> Any comments on the paper would be most appreciated.
>
> Dominic
>

Attachment: kx.pdf (PDF)
_______________________________________________
GNUnet-developers mailing list
GNUnet-developers@gnu.org
https://lists.gnu.org/mailman/listinfo/gnunet-developers