commit efad59fbc01d2be9e4ea1c408d6af7ed23567c06
parent 0deb4a79c3347b551006fbe51780178f147db8c8
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 13 Nov 2024 15:23:02 +0100
add more refs, nonce generation
Diffstat:
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -30,6 +30,7 @@
<!ENTITY RFC8446 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8446.xml">
<!ENTITY RFC8499 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8499.xml">
<!ENTITY RFC9106 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9106.xml">
+<!ENTITY RFC9147 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9147.xml">
<!ENTITY RFC9180 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9180.xml">
<!ENTITY I-D.ietf-dnsop-alt-tld PUBLIC '' "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-dnsop-alt-tld.xml">
]>
@@ -112,10 +113,11 @@
<t>
While some of the terminology is explicitly re-defined here, the reader is expected
to be familiar with TLS 1.3 (<xref target="RFC8446"/>), DTLS 1.3 (<xref target="RFC9147"/>) and HPKE
- (<xref target="9180"/>).
+ (<xref target="RFC9180"/>).
+ </t>
<dl>
- <dt>inititator:<dt><dd>See client in <xref target="RFC9147"/> Section 2.</dd>
- <dt>receiver:<dt><dd>See server in <xref target="RFC9147"/> Section 2.</dd>
+ <dt>inititator:</dt><dd>See client in <xref target="RFC9147"/> Section 2.</dd>
+ <dt>receiver:</dt><dd>See server in <xref target="RFC9147"/> Section 2.</dd>
<dt>epoch:</dt><dd>See <xref target="RFC9147"/> Section 2.</dd>
<dt>IATS:</dt>
<dd>Initiator Application Traffic Secret Key</dd>
@@ -135,7 +137,7 @@
<section anchor="rationale" numbered="true" toc="default">
<name>Design Rationale</name>
<t>
- The design rationale for CAKE is similar to DTLS 1.3 (cf. <xref target="9147"/> Section 3).
+ The design rationale for CAKE is similar to DTLS 1.3 (cf. <xref target="RFC9147" section="3"/>).
Except that CAKE does not consider Fragmentation as this is expected to be provided by the
transport underlay layer of GNUnet.
</t>
@@ -480,6 +482,11 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
The length of the data is included in the size field of the MessageHeader
preceeding the EncryptedMessage header.
</t>
+ <t>
+ The per-message nonce is generated as defined in <xref target="RFC8446" section="5.3"/>.
+ <!-- FIXME sequence number encryption?-->
+ <!-- FIXME the records/encryptions apply to all messages(?)-->
+ </t>
</section>
<section anchor="key_update_msg" numbered="true" toc="default">
<name>KeyUpdate</name>
@@ -567,6 +574,7 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
&RFC8174;
&RFC8439;
&RFC8446;
+ &RFC9147;
&RFC9180;
</references>
