diff options
| author |   trevnoise <noise@trevp.net> | 2017-09-30 00:39:45 +0000 |
|---|---|---|
| committer | trevnoise <noise@trevp.net> | 2017-09-30 00:39:45 +0000 |
| commit | 9f586f9086a679423cd7c13fea4e32273e8efc5d (patch) | |
| tree | d02972277db5e368aeebcdce31bdf4761791080a | |
| parent | Wording (diff) | |
| download | noise-9f586f9086a679423cd7c13fea4e32273e8efc5d.tar.xz noise-9f586f9086a679423cd7c13fea4e32273e8efc5d.zip | |
wording
| -rw-r--r-- | noise.md | 10 | ||||
| -rw-r--r-- | output/noise.html | 4 | ||||
| -rw-r--r-- | output/noise.pdf | bin | 370125 -> 370177 bytes |
3 files changed, 8 insertions, 6 deletions
@@ -585,9 +585,11 @@ instead (see [Section 9](pre-shared-symmetric-keys)). ====================== A **message pattern** is some sequence of tokens from the set `("e", "s", "ee", -"es", "se", "ss", "psk")`. (The `"psk"` token is described in [Section -9](pre-shared-symmetric-keys); future specifications might introduce other -tokens). +"es", "se", "ss", "psk")`. The handling of these tokens within +`WriteMessage()` and `ReadMessage()` has been described previously, except for +the `"psk"` token, which will be described in [Section +9](pre-shared-symmetric-keys). Future specifications might introduce other +tokens. A **pre-message pattern** is one of the following sequences of tokens: @@ -605,7 +607,7 @@ A **handshake pattern** consists of: * A pre-message pattern for the responder, representing information about the responder's public keys that is known to the initiator. - * A sequence of message patterns for the actual handshake messages + * A sequence of message patterns for the actual handshake messages. The pre-messages represent an exchange of public keys that was somehow performed prior to the handshake, so these public keys must be inputs to diff --git a/output/noise.html b/output/noise.html index 5408051..4741b74 100644 --- a/output/noise.html +++ b/output/noise.html @@ -323,7 +323,7 @@ <p>For example, suppose Bob communicates to Alice a list of Noise protocols that he is willing to support. Alice will then choose and execute a single protocol. To ensure that a "man-in-the-middle" did not edit Bob's list to remove options, Alice and Bob could include the list as prologue data.</p> <p>Note that while the parties confirm their prologues are identical, they don't mix prologue data into encryption keys. If an input contains secret data that’s intended to strengthen the encryption, a PSK handshake should be used instead (see <a href="pre-shared-symmetric-keys">Section 9</a>).</p> <h1 id="handshake-patterns">7. Handshake patterns</h1> -<p>A <strong>message pattern</strong> is some sequence of tokens from the set <code>("e", "s", "ee", "es", "se", "ss", "psk")</code>. (The <code>"psk"</code> token is described in <a href="pre-shared-symmetric-keys">Section 9</a>; future specifications might introduce other tokens).</p> +<p>A <strong>message pattern</strong> is some sequence of tokens from the set <code>("e", "s", "ee", "es", "se", "ss", "psk")</code>. The handling of these tokens within <code>WriteMessage()</code> and <code>ReadMessage()</code> has been described previously, except for the <code>"psk"</code> token, which will be described in <a href="pre-shared-symmetric-keys">Section 9</a>. Future specifications might introduce other tokens.</p> <p>A <strong>pre-message pattern</strong> is one of the following sequences of tokens:</p> <ul> <li><code>"e"</code></li> @@ -358,7 +358,7 @@ <ol style="list-style-type: decimal"> <li><p>Parties can only send a static public key if they were initialized with a static key pair, and can only perform DH between private keys and public keys they possess.</p></li> <li><p>Parties must not send their static public key, or an ephemeral public key, more than once per handshake (i.e. including the pre-messages, there must be no more than one occurrence of <code>"e"</code>, and one occurrence of <code>"s"</code>, in the messages sent by any party).</p></li> -<li><p>After performing a DH between a remote public key and any local private key that is not an ephemeral private key, the local party must not send any encrypted data (i.e. must not call <code>ENCRYPT()</code>) unless it has also performed a DH between an ephemeral private key and the remote public key.</p></li> +<li><p>After performing a DH between a remote public key and any local private key that is not the ephemeral private key, the local party must not call <code>ENCRYPT()</code> unless it has also performed a DH between the ephemeral private key and the remote public key.</p></li> </ol> <p>Patterns failing the first check are obviously nonsense.</p> <p>The second check outlaws redundant transmission of values to simplify implementation and testing.</p> diff --git a/output/noise.pdf b/output/noise.pdf Binary files differindex 5af00bc..a69b9b6 100644 --- a/output/noise.pdf +++ b/output/noise.pdf |