On Fri, Jul 16, 2021 at 8:31 AM Ian Goldberg wrote:
[...]
> But this post from Trevor also made me realize a bigger issue with the
> protocol Nick proposed:
>
> If you want the protocol to work with Walking Onions, it needs to be
> *post-specified peer*. That is, contrary to:
>
> > The client kn
On Fri, Jul 16, 2021 at 5:31 AM Ian Goldberg wrote:
>
> On Tue, Jul 13, 2021 at 11:34:47AM -0700, Trevor Perrin wrote:
> > You also wanted to add an (optional) pre-shared key, which Noise supports:
> >
> > NKpsk0:
> > <- s
> > ...
> > -> psk, e, es
> > <- e, ee
>
> Out of curiosity, Trevor
On Tue, Jul 13, 2021 at 11:34:47AM -0700, Trevor Perrin wrote:
> You also wanted to add an (optional) pre-shared key, which Noise supports:
>
> NKpsk0:
> <- s
> ...
> -> psk, e, es
> <- e, ee
Out of curiosity, Trevor, what properties does this Noise protocol
provide for low-entropy psk?
Hi Nick, you might look at the Noise framework:
http://noiseprotocol.org/noise.html
Noise has a naming scheme for "handshake patterns". Ntor matches what
we call NK1. Your new scheme I think matches NK (the 1 in NK1
indicates a "deferred" pattern where the DH operation that
authenticates the se
On Mon, Jul 12, 2021 at 03:09:02PM -0400, Nick Mathewson wrote:
> On Mon, Jul 12, 2021 at 3:04 PM Ian Goldberg wrote:
> >
> > On Mon, Jul 12, 2021 at 12:01:47PM -0400, Nick Mathewson wrote:
> > > Both parties know that they used the same verification string; if
> > > they did not, they do not lear
On Mon, Jul 12, 2021 at 3:04 PM Ian Goldberg wrote:
>
> On Mon, Jul 12, 2021 at 12:01:47PM -0400, Nick Mathewson wrote:
> > Both parties know that they used the same verification string; if
> > they did not, they do not learn what the verification string was.
> > (This feature is required for HS h
On Mon, Jul 12, 2021 at 12:01:47PM -0400, Nick Mathewson wrote:
> Both parties know that they used the same verification string; if
> they did not, they do not learn what the verification string was.
> (This feature is required for HS handshakes.)
I'm not sure the protocol you specify has this fea
```
Filename: 332-ntor-v3-with-extra-data.md
Title: Ntor protocol with extra data, version 3.
Author: Nick Mathewson
Created: 12 July 2021
Status: Open
```
# Overview
The ntor handshake is our current protocol for circuit
establishment.
So far we have two variants of the ntor handshake in use: t