Hi Chris, 2016-10-06 22:24 GMT+02:00 Chris Ballinger <[email protected]>: >> The current PR clarifies that though by putting it in the <key>. The key >> length is specified to be 16 bytes and the auth tag is just the rest. > > Ah ok. Still not sure why the auth tag is appended to the key now instead of > the payload. Seems like a lot of duplicated data for no real security > benefit.
I don't see any duplicate data here. The auth tag is moved from the end of the payload into the 'key'. Moved. Not copied. The reason is that everything in the <key> gets verified through libsignal. Thus we will verify the auth tag with libsignal and that in turn will verify the payload. (I'm gonna answer the rid question another time when it's not the middle of the night because I need to think about that some more) cheers daniel _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
