commit 1ac1c3618bc84d0520bd5de297602a1b3b57417b
parent 136874cea780c7df2aa1800daca0d4daf6f8116c
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 16 Apr 2025 13:42:50 +0200
add notes on missing implementation decisions
Diffstat:
1 file changed, 20 insertions(+), 0 deletions(-)
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -637,6 +637,14 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
messages are <= 2<sup>16</sup>-1 bytes and the counter cannot overflow.
</t>
<t>
+ We must define which hash function is to be used for H. It should probably have 512 bit output.
+ Candidates are Blake2b (Fast), SHA512 (safe).
+ </t>
+ <t>
+ We must define which KEM is to be used.
+ We may want to use our HPKE Elligator KEM <xref target="LSD0011"/>.
+ </t>
+ <t>
The Initiator/Receiver selection logic may require a timed fallback: The designates Initiator may never initiate (NAT, already has sufficient connections, learns about receiver later than receiver about initiator etc.).
This may result in edge cases where the Initiator initiates a handshake and the Receiver also initiates a handshake at the same time switching roles.
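Review bot: The new paragraph on H names Blake2b and SHA512 as candidates but does not say whether H is also the hash underneath the HKDF-Expand calls shown in the hunk context (nonce = HKDF-Expand (..., "iv", 12)). That matters for the choice, since HKDF is specified over HMAC with a given hash and the two candidates differ in how they would be plugged in. Suggest stating what H is used for (transcript hash, HKDF, or both) and replacing the "(Fast)" / "(safe)" labels with the actual selection criterion. Both added paragraphs are also phrased as open questions ("We must define ...", "We may want to ...") inside regular body text; marking them as editorial notes or collecting them in an open-issues section would keep them from being read as part of the specification.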
@@ -680,6 +688,18 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
&RFC9147;
&RFC9180;
+ <reference anchor="LSD0011" target="https://lsd.gnunet.org/lsd0011">
+ <front>
+ <title>The HPKE Elligator KEM</title>
+ <author initials="M." surname="Schanzenbach" fullname="Martin Schanzenbach">
+ <organization>Fraunhofer AISEC</organization>
+ </author>
+ <author initials="P." surname="Fardzadeh" fullname="Pedram Fardzadeh">
+ <organization>Technische Universität München</organization>
+ </author>
+ <date year="2024"/>
+ </front>
+ </reference>
</references>
<references>
<name>Informative References</name>
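Review bot: The LSD0011 entry is added to the references block that closes just before "Informative References", next to &RFC9147; and &RFC9180;, while the only citation of it in this patch is the tentative "We may want to use our HPKE Elligator KEM". Until the KEM decision is made, consider placing the entry in the informative block, or make the text commit to the KEM if the reference is meant to be binding. The entry also carries only a year in its date element and no series or document identifier beyond the target URL; adding one would make the citation easier to resolve if the URL changes.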