Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review exchange key usage and ensure no risk, or design mitigation for key replay. #6

Open
rmhrisk opened this issue Feb 4, 2017 · 0 comments
Open

Review exchange key usage and ensure no risk, or design mitigation for key replay. #6

rmhrisk opened this issue Feb 4, 2017 · 0 comments
Labels
security

Comments

@rmhrisk
Copy link
Contributor

rmhrisk commented Feb 4, 2017

One of the many benefits of 25519 is that you can use the same key for signing and encryption without risk.

The move to secp256r1 requires us to introduce an exchange key, which we sign with the identity key creating a cryptographic binding between the two.

This introduces a potential risk of an exchange key replay, we need to review this scenario and ensure that either there is no risk or we must design a mitigation to this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rmhrisk