mode 6 crypto revision
hmurray at megapathdsl.net
Sat Jan 11 09:02:49 UTC 2020
> The current symmetric auth scheme requires a not-an-extension which is
> (formerly 10) 20 or 24 bytes of an essentially unidentifiable binary blob. To
> check for it, you either need a length for the authenticated stream or walk
> backward in the packet to see if the text matches a symmetric authenticator.
That's not quite the right description. You don't walk backwards. You go
forwards until you get to a reasonable stopping place, then check the length
of what is left. 20 or 24 bytes are grandfathered (ugly hack) as
> My former proposed scheme requires something which is not-properly-an-extension.
> It has a six-byte header which should be regex searchable in mode 6 and
> unlikely to occur (no number though) in a regular text stream.
"regex searchable" doesn't sound like the right approach.
Is Eric's mode 6 writeup accurate? docs/mode6.adoc
(I haven't checked the code, but it looks good.)
Assuming yes, then the current hack authentication will work and we can switch
to using real extensions at any time.
My previous comments about using NTS were bogus. That lets the client know
the response came from the correct server (or at least one with the correct
certificate). We need the other direction: the server needs to know the
client is authorized to do restricted operations. NTS doesn't support that.
These are my opinions. I hate spam.
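The forward-walk check described above, as an added example that is not code from this thread or from NTPsec: it parses the 12-byte mode 6 header, skips `count` data bytes (padding the data field to a 4-byte boundary is an assumption; check docs/mode6.adoc), and treats a 20- or 24-byte remainder as the grandfathered key-ID-plus-MD5/SHA-1 MAC, verifying it as digest(key || packet) over everything before it. The key table and the packet builder are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

MODE6_HEADER_LEN = 12  # li/vn/mode, r/e/m/opcode, sequence, status, associd, offset, count
LEGACY_MAC_LENS = {20: "md5", 24: "sha1"}  # 4-byte key ID + 16-byte MD5 or 20-byte SHA-1 digest
PAD_TO = 4  # assumed alignment of the data field (not taken from the thread)


def split_mode6(pkt: bytes):
    """Walk forward (header, then `count` data bytes rounded up to PAD_TO), then
    classify what is left: nothing, a grandfathered MAC, or an error."""
    if len(pkt) < MODE6_HEADER_LEN:
        raise ValueError("short packet")
    count = struct.unpack("!H", pkt[10:12])[0]
    data_end = MODE6_HEADER_LEN + (count + PAD_TO - 1) // PAD_TO * PAD_TO
    if data_end > len(pkt):
        raise ValueError("count exceeds packet")
    trailer = pkt[data_end:]
    if not trailer:
        return pkt[:data_end], None, None          # unauthenticated request
    digest = LEGACY_MAC_LENS.get(len(trailer))
    if digest is None:
        raise ValueError("trailer is not a grandfathered MAC length")
    keyid = struct.unpack("!I", trailer[:4])[0]
    return pkt[:data_end], keyid, (digest, trailer[4:])


def mac_ok(pkt: bytes, keys: dict) -> bool:
    """True only if the packet carries a MAC for a known key ID and it verifies."""
    authed, keyid, mac = split_mode6(pkt)
    if mac is None or keyid not in keys:
        return False
    digest, tag = mac
    expected = hashlib.new(digest, keys[keyid] + authed).digest()
    return hmac.compare_digest(expected, tag)  # constant-time compare


def build_mode6(opcode: int, data: bytes, keyid=None, key=None, digest="md5") -> bytes:
    """Constructed mode 6 request: 0x16 = LI 0, version 2, mode 6; optional legacy MAC."""
    header = struct.pack("!BBHHHHH", 0x16, opcode & 0x1F, 1, 0, 0, 0, len(data))
    body = header + data + b"\0" * (-len(data) % PAD_TO)
    if keyid is None:
        return body
    return body + struct.pack("!I", keyid) + hashlib.new(digest, key + body).digest()
```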