commit 246138fd03fa47f611850b2ceb2ee7e9177c5ecc
parent a98966f9f0f278f9df3eeec34a09ed8c81366e90
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 2 Apr 2025 20:06:45 +0200
Clarify ETS a bit
Diffstat:
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -314,7 +314,7 @@ MS | |
v
ss_R -> HKDF-Extract = Early Secret (ES)
|
- +-----> HKDF-Expand(., "early data", InitiatorHello)
+ +-----> HKDF-Expand(., "early data", InitiatorHello*)
| = Early Transport Secret (ETS)
|
v
@@ -346,6 +346,11 @@ ss_I -> HKDF-Extract = Master Secret (MS)
]]></artwork>
</figure>
<t>
+ IMPORTANT: The ETS is derived using the transcript of InitiatorHello*.
+ This transcript can, for obvious reasons, not yet include the encrypted tuple that
+ is part of the InitiatorHello.
+ All following transcripts that include the InitiatorHello include
+ the encrypted part as well.
When a traffic secret (*TS) is used to encrypt data, the respective
encryption key and starting nonce is generated as follows:
</t>
