diff options
author | trevnoise <noise@trevp.net> | 2017-09-23 01:45:46 +0000 |
---|---|---|
committer | trevnoise <noise@trevp.net> | 2017-09-23 01:45:46 +0000 |
commit | c0bdf658c0a6af2ef33786195602d892d6ecfa15 (patch) | |
tree | 95d98c70dc952227ede578f27e4937c77a124ebf | |
parent | Cleanup text. (diff) | |
download | noise-c0bdf658c0a6af2ef33786195602d892d6ecfa15.tar.xz noise-c0bdf658c0a6af2ef33786195602d892d6ecfa15.zip |
Add output
-rw-r--r-- | output/noise.html | 2 | ||||
-rw-r--r-- | output/noise.pdf | bin | 369689 -> 369717 bytes |
2 files changed, 1 insertions, 1 deletions
diff --git a/output/noise.html b/output/noise.html index 6cfd3fb..ed325af 100644 --- a/output/noise.html +++ b/output/noise.html @@ -1068,7 +1068,7 @@ Noise_IK(s, rs): <p>Applications must make these decisions on their own; there are no modifiers which specify rekey behavior.</p> <p>Note that rekey only updates the cipherstate's <code>k</code> value, it doesn't reset the cipherstate's <code>n</code> value, so applications performing rekey must still perform a new handshake if sending 2<sup>64</sup> or more transport messages.</p> <h2 id="out-of-order-nonces">11.4. Out-of-order nonces</h2> -<p>In some use cases, Noise transport messages might be lost or arrive out-of-order (e.g. when messages are sent over UDP). To handle this, an application protocol can send the <code>n</code> value used for encrypting each transport message alongside that message, and recipients can call the <code>SetNonce()</code> function on the receiving <code>CipherState</code> using the received nonce. Recipients doing this must track the received <code>n</code> values and reject repeated values to prevent replay attacks.</p> +<p>In some use cases, Noise transport messages might be lost or arrive out-of-order (e.g. when messages are sent over UDP). To handle this, an application protocol can send the <code>n</code> value used for encrypting each transport message alongside that message. On receiving such a message the recipient would call the <code>SetNonce()</code> function on the receiving <code>CipherState</code> using the received nonce. Recipients doing this must track the received <code>n</code> values and reject repeated values to prevent replay attacks.</p> <h2 id="half-duplex-protocols">11.5. Half-duplex protocols</h2> <p>In some application protocols the parties strictly alternate sending messages. In this case Noise can be used in a "half-duplex" mode <span class="citation">[<a href="#ref-blinker">6</a>]</span> where the first <code>CipherState</code> returned by <code>Split()</code> is used for encrypting messages in both directions. This provides a small optimization, since <code>Split()</code> only has to output a single <code>CipherState</code>, and both parties only need to store a single <code>CipherState</code> during the transport phase.</p> <p>This feature must be used with extreme caution. In particular, it would be a catastrophic security failure if the protocol is not strictly alternating and both parties encrypt different messages using the same <code>CipherState</code> and nonce value.</p> diff --git a/output/noise.pdf b/output/noise.pdf Binary files differindex 6fa82e6..3d70ee8 100644 --- a/output/noise.pdf +++ b/output/noise.pdf |