commit a8954e993a56edf08baedb74548896b2b0b3f703
parent 4d07e5cb78be0a9874f46326620f490da26399ae
Author: Pedram Fardzadeh <p.fardzadeh@protonmail.com>
Date: Tue, 11 Jun 2024 22:34:07 +0200
Updated TCP communicator message exchange
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/draft-gnunet-communicators.xml b/draft-gnunet-communicators.xml
@@ -991,8 +991,10 @@ SetupCipher(MSK):
<t>
TCP Box messages follow the mac-then-encrypt approach to hide the size of the payload and achieve a zero-plaintext design.
The HMAC utilizes SHA512 as the underlying hash function and is ratcheted after each operation. Given the mac-then-encrypt
- approach, additional safeguards are needed to protect against oracle padding attacks. Therefore, we use AES-CTR for encryption,
- as it doesn't require padding.
+ approach, additional safeguards are needed to protect against oracle padding attacks. Therefore, we <bcp14>MUST</bcp14> use
+ a padding free encryption scheme such as AES-CTR for encryption. Additionally, we restrict the attacker's ability for replay
+ attacks by exchanging new key material after a fix amount of transferred data (FIXME: currently 4GB, refer to rekeying process).
+ The necessary key exchanges to establish the new key material are protected using monotonic timestamps.
</t>
<t>
(FIXME: hmac, MtE discussion, padding-oracle, rekeying).
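Review bot: The new sentence on rekeying conflates two different properties: the added text says key material is exchanged "after a fix amount of transferred data" to "restrict the attacker's ability for replay attacks", but a data-volume rekey limit bounds how much ciphertext is produced under one key (relevant for AES-CTR counter/nonce reuse), whereas replay resistance comes from the per-operation HMAC ratchet already stated two lines earlier and from the monotonic timestamps mentioned in the last added line. Suggest splitting the claim so each mechanism is tied to the property it actually provides, e.g. "we ratchet the HMAC after each operation so that a replayed box fails authentication; independently, new key material is exchanged after a fixed amount of transferred data to bound the ciphertext volume under a single key." Three smaller points in the same hunk: "oracle padding attacks" should read "padding oracle attacks" (it is on both the removed and the added line, so this is a good moment to fix it); "fix amount" should be "fixed amount"; and the <bcp14>MUST</bcp14> is attached to "we" rather than to the implementation, which is not how BCP 14 keywords are normally used. Consider "Implementations <bcp14>MUST</bcp14> use a padding-free encryption scheme such as AES-CTR". Finally, the "(FIXME: currently 4GB, refer to rekeying process)" left inline in normative text should either become a concrete value with a cross-reference to the rekeying section or be moved into the FIXME list that already follows this paragraph, so the draft does not ship with the placeholder.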