Hi Cy,

Please read up on the Axolotl/Signal protocol. It explains nicely how to forget about secrets in the case of unreliable, out-of-order delivery. This is also what CADET implements.

Happy hacking!

Christian

On 7/10/20 6:03 AM, Cy wrote:
> If I have a shared secret ratchet going on, and I send something encrypted
> with secret 1, I can't get rid of secret 1, can I? I need to wait until the
> peer sends me something encrypted with secret 2, before I know we've both
> gone past secret 1. But waiting is dumb. If I want to send multiple messages
> in a row, can't I continue using secret 1? Usually I'll just wait for a
> reply, but just if there are like, updates or typos, or something.
>
> I can't think of a scenario where I'd send a message, and then send another
> one, and the first would be more incriminating than the second. Worst comes
> to worst I could have a special "Abort" message that says I threw away all
> secrets because I sent a message I regret. But if the Abort message itself
> is lost and never delivered...
>
> Sorry this is really confusing me. Because if I send S1(M1) then discard S1
> for S2, with unreliable delivery, S1(M1) might never reach you, so when you
> wanted to send me a message you'd use S1 too, and I wouldn't be able to
> decrypt it anymore. But if I hold onto S1, and only discard it when you use
> S2 or S3, then we won't have to re-establish the conversation, in a way that
> seems much easier to monitor than the reuse of a shared secret.
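Added example, not part of the original thread and not CADET's or Signal's code: a sketch of the symmetric chain step used by Axolotl-style ratchets, showing how the sender can delete each secret right after use while the receiver caches keys for messages that are skipped or arrive late. The class names, the HMAC constants and the MAX_SKIP value are assumptions; the Diffie-Hellman ratchet and the actual AEAD encryption under each message key are left out.

```python
import hashlib
import hmac

MAX_SKIP = 100  # assumed cap on cached skipped keys, bounds memory use


def kdf_ck(ck):
    """One chain step: return (next chain key, message key)."""
    next_ck = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    return next_ck, mk


class Sender:
    def __init__(self, ck):
        self.ck, self.n = ck, 0

    def next(self):
        """Return (counter, message key); the old chain key is overwritten."""
        self.ck, mk = kdf_ck(self.ck)
        n, self.n = self.n, self.n + 1
        return n, mk  # the counter travels in the message header


class Receiver:
    def __init__(self, ck):
        self.ck, self.n, self.skipped = ck, 0, {}

    def key_for(self, n):
        """Return the key for message n, or None if it is already gone."""
        if n in self.skipped:
            return self.skipped.pop(n)  # late message: use key once, forget
        if n < self.n:
            return None  # replayed, or key already used and deleted
        if n - self.n > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:  # cache keys for messages not seen yet
            self.ck, self.skipped[self.n] = kdf_ck(self.ck)
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)
        self.n += 1
        return mk


if __name__ == "__main__":
    root = hashlib.sha256(b"constructed shared secret").digest()
    s, r = Sender(root), Receiver(root)
    sent = [s.next() for _ in range(3)]       # three messages in a row
    print(r.key_for(2) == sent[2][1])         # message 2 arrives first
    print(r.key_for(0) == sent[0][1])         # message 0 arrives late
    print(sorted(r.skipped))                  # message 1 still outstanding
```

Only per-message keys for outstanding counters are retained; the chain keys that produced them are gone, so a later compromise of either side does not expose messages that were already delivered.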
