lsd0012

LSD0012: CORE Authenticated Key Exchange (CAKE)

commit 53aa07081be9eff2080487482e913b2e099f1f90
parent 1d2a28d9285d3d9345862dea8710ca2e46bf3f4a
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Wed, 13 Nov 2024 23:15:46 +0100

notes on acks

Diffstat:
M draft-schanzen-cake.xml | 38 +++++++++++++++++++++++++++-----------
1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml @@ -142,6 +142,15 @@ transport underlay layer of GNUnet. </t> </section> + <section anchor="svcinfo" numbered="true" toc="default"> + <name>ServicesInfo String</name> + <t> + The ServicesInfo is a string consisting of key-value pairs separated by + a separator indicating supported services and their versions. + E.g. "dht:1.1;cadet:0.4". + The ServicesInfo is zero terminated. + </t> + </section> <section anchor="protocol_flow" numbered="true" toc="default"> <name>Protocol Flow</name> <t> @@ -229,6 +238,13 @@ MS | | v v ]]></artwork> </figure> + <t> + Notice how we do not need any acknowledgement messages until after InitiatorFinished (after 1.5 RTT). + The InitiatorHello message is a single flight that is implicitly ack'ed with ReceiverHello. + ReceiverHello is a single flight that is implicitly ack'ed with InitiatorFinished. + InitiatorFinished requires an explicit ack; at this time R and I have already established a secure channel + and R can use an EncryptedMessage to send the ack. + </t> <t> The Initiator creates the InitiatorHello message which includes the encrypted tuple (pk<sub>I</sub>,ServicesInfo). The fields are encrypted using a key derived from the ETS according to <xref target="figure_swimlane"/> @@ -383,9 +399,9 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12) </t> </section> <section anchor="cake_hs_msg_fmt" numbered="true" toc="default"> - <name>CAKE Handshake Message Format</name> + <name>CAKE Message Format</name> <t> - Any sent message in the handshake starts with a <tt>MessageHeader</tt>: + Any sent message starts with a <tt>MessageHeader</tt>: </t> <figure anchor="figure_msghdr" title="The Wire Format of the Message Header."> <artwork name="" type="" align="left" alt=""><![CDATA[ 
@@ -406,18 +422,18 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12) <li>InitiatorHello</li> <li>ReceiverHello</li> <li>HandshakeFinished</li> - <li>KeyUpdate</li> + <li>EncryptedMessage</li> </ul> - </section> - <section anchor="svcinfo" numbered="true" toc="default"> - <name>ServicesInfo String</name> <t> - The ServicesInfo is a string consisting of key-value pairs separated by - a separator indicating supported services and their versions. - E.g. "dht:1.1;cadet:0.4". - The ServicesInfo is zero terminated. + An encrypted message also always starts with a MessageHeader + and the allowed types are: </t> - </section> + <ul> + <li>KeyUpdate</li> + <li>Ack</li> + <li>ApplicationData</li> + </ul> + </section> <section anchor="initiator_hello" numbered="true" toc="default"> <name>InitiatorHello Message</name> <t>
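Review bot: The ServicesInfo section added in the first hunk (-142,6 +142,15) leaves the wire syntax underspecified: "separated by a separator" never names the separator, and only the example "dht:1.1;cadet:0.4" implies ";" between pairs and ":" between key and value. State both delimiters normatively, and say what a receiver does with a string that lacks the zero terminator, since this field arrives from the peer inside InitiatorHello.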
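Review bot: The ack paragraph added after the swimlane figure (hunk -229,6 +238,13) gives no failure behaviour for the explicit ack on InitiatorFinished: nothing says how long I waits or whether it retransmits when the ack does not arrive, and the same is missing for the implicitly acked InitiatorHello and ReceiverHello flights. Add the retransmission rule here or reference the section that defines it. The paragraph also says InitiatorFinished while the message type list in the last hunk still lists HandshakeFinished; use one name throughout.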
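Review bot: The two type lists in the last hunk (-406,18 +422,18) do not say what a receiver does with a type that shows up in the wrong place. With KeyUpdate moved under EncryptedMessage and Ack added beside it, the text should state that KeyUpdate, Ack and ApplicationData are accepted only inside an EncryptedMessage, and that a handshake type found inside one is dropped. It is also unclear whether "An encrypted message also always starts with a MessageHeader" refers to the outer EncryptedMessage header, a second header inside the ciphertext, or both; say which, and whether the inner types share the type number space of the outer ones.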