matthewdgreen
Aside from using perfect/statistical commitments and ZK (and _maybe_ symmetric primitives with very large key sizes), I don't think we know enough in 2016 to meaningfully guess at what will...
@daira I agree -- I don't think we have any runway or engineering budget to spend time on considerations about PQ security in v1.0. But if you think it's valuable...
Unfortunately this is not the case for the Hello packet. The key for the Hello MAC is actually revealed in the Commit packet, thanks to the way the Hash chain...
> ZRTP requires that we use the ZID from the Hello packet at an early point to construct a DHPart2 packet (prepared for the hash commit, 4.4.1.1) and this...
This is a good point. The inclusion of ZIDi/r does provide a final check on the Hello message in ZRTPCPP. And in fact the 'fix' I proposed the first time...
I admit to being a bit flummoxed by the code for this. As best I can tell the current ZRTPCPP code receives a Hello, then looks to see if it...
Ok, I had to read Travis's note several times before I realized he was discussing a future version in which both Hello messages are checked in total_hash. Yes, that would...
Ok, I concede defeat on this one. Good job guys. Since we might as well be thorough: what about the MITM and Signature-capable flags? I know they're optional, but any...