[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Unreliable Delivery, Ratcheting, and Secret Reuse?
|
From: |
Cy |
|
Subject: |
Unreliable Delivery, Ratcheting, and Secret Reuse? |
|
Date: |
Fri, 10 Jul 2020 04:03:24 +0000 |
If I have a shared secret ratchet going on, and I send something encrypted with
secret 1,
I can't get rid of secret 1, can I? I need to wait until the peer sends me
something
encrypted with secret 2, before I know we've both gone past secret 1. But
waiting
is dumb. If I want to send multiple messages in a row, can't I continue using
secret 1?
Usually I'll just wait for a reply, but just if there are like, updates or
typoes, or
something.
I can't think of a scenario where I'd send a message, and then send another
one, and the first would be more incriminating than the second. Worst comes to
worst I
could have a special "Abort" message that says I threw away all secrets because
I sent a
message I regret. But if the Abort message itself is lost and never delivered...
Sorry this is really confusing me. Because if I send S1(M1) then discard S1 for
S2, with
unreliable delivery, S1(M1) might never reach you, so when you wanted to send
me a
message you'd use S1 too, and I wouldn't be able to decrypt it anymore. But if
I hold
onto S1, and only discard it when you use S2 or S3, then we won't have to
re-establish
the conversation, in a way that seems much easier to monitor than the reuse of
a shared
secret.
- Unreliable Delivery, Ratcheting, and Secret Reuse?,
Cy <=