Re: [briar-devel] Multiple devices per user
From: Michael R. <m-...@gm...> - 2012-03-22 12:30:02
Sorry for the self-replies. Here's a fix for the introduction protocol:

* Alice wants to introduce her contacts, Bob and Carol.
* Bob and Carol each generate an ephemeral key pair and give Alice the public key.
* On receiving Bob's public key, Carol combines it with her private key to derive the shared secret.
* Carol signs Bob's public key with her private key to acknowledge receipt of Bob's public key.
* Carol destroys her private key.
* Carol derives the shared secret for the current forward secrecy period, destroys the initial shared secret, then sends the acknowledgement to Alice.
* Carol doesn't send any connections until she receives Bob's acknowledgement.
* Same goes for Bob.
* No connections are sent until the recipient's private key has been destroyed and the forward secrecy clock has started ticking.

A small problem: how do Bob and Carol synchronise their forward secrecy periods without needing accurate clocks? Alice and Bob consider the moment they exchanged invitations to be the start of their first period - call that moment t(A, B). Likewise for Alice and Carol - t(A, C). So let Alice choose t(B, C). She then tells Bob the difference between t(A, B) and t(B, C), and Carol the difference between t(A, C) and t(B, C).

There's a similar fix for the multi-device protocol, but it involves gossipping the acknowledgements, so it loses the advantage the multi-device protocol had over the introduction protocol, namely the ability for a new device to talk to an existing device even if the new device's owner's other devices are no longer functioning. Since we've lost that ability, I suggest we make device introductions similar to contact introductions, i.e. replace "Alice" with "Alice's phone" and "Carol" with "Alice's laptop" in the description above.

Hot running water is a prerequisite for protocol design.

Cheers,
Michael
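The period synchronisation described in the message above, as an added example that is not part of the original email or Briar's code: it simulates three devices whose clocks are wrong by different amounts and checks that Bob and Carol still agree on the period index. Assumptions: each clock is off by a fixed offset but runs at the correct rate, the period length is 3600 seconds, and the `Device`, `introduce` and `demo` names are hypothetical.

```python
from dataclasses import dataclass, field

PERIOD = 3600  # assumed period length in seconds; the email does not give one


@dataclass
class Device:
    """Party whose clock is off by a fixed, unknown offset (assumption)."""
    name: str
    offset: int  # local clock = true time + offset
    starts: dict = field(default_factory=dict)  # peer -> period start, local time

    def now(self, true_time):
        return true_time + self.offset

    def record_start(self, peer, true_time):
        # Invitation exchange: each side notes the moment on its own clock.
        self.starts[peer] = self.now(true_time)

    def apply_delta(self, introducer, peer, delta):
        # Local t(self, peer) = local t(introducer, self) + difference received.
        self.starts[peer] = self.starts[introducer] + delta

    def period(self, peer, true_time):
        return (self.now(true_time) - self.starts[peer]) // PERIOD


def introduce(alice, bob, carol, true_time):
    """Alice picks t(B, C) as her current time and sends each side one difference."""
    t_bc = alice.now(true_time)
    delta_bob = t_bc - alice.starts[bob.name]      # t(B, C) - t(A, B)
    delta_carol = t_bc - alice.starts[carol.name]  # t(B, C) - t(A, C)
    bob.apply_delta(alice.name, carol.name, delta_bob)
    carol.apply_delta(alice.name, bob.name, delta_carol)
    return delta_bob, delta_carol


def demo():
    # Constructed scenario: three clocks wrong by different amounts (seconds).
    alice, bob, carol = Device("Alice", -120), Device("Bob", 5400), Device("Carol", -86400)
    for dev, t in ((bob, 1_000), (carol, 50_000)):  # true times of t(A, B), t(A, C)
        alice.record_start(dev.name, t)
        dev.record_start("Alice", t)
    deltas = introduce(alice, bob, carol, true_time=200_000)
    # Period index Bob and Carol each compute for the other at later true times.
    checks = [(bob.period("Carol", t), carol.period("Bob", t))
              for t in (200_000, 203_599, 203_600, 1_000_000)]
    return deltas, checks
```

Alice's own clock error cancels because she only ever sends a difference between two readings of the same clock; Bob and Carol each add that difference to their own local record of the invitation moment.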