keks
commented
9 months ago Agreed, this was a nice read! I have left a few comments inline.
Regarding the version negotiation: I think right now it's not great that there is no cryptographic agreement on the major version, and I suggest using the Noise prologue to achieve it. And as long as there are no features to be negotiated, maybe it's not needed? Either way, the minor version negotiation could theoretically happen in the ciphertext now.
Regarding the paper I posted on fragmentation: I only skimmed it a long time ago, and the only thing I took away from it was "boundary-hiding is hard than just encrypting the length prefixes", because you usually can see where ciphertexts start and end by watching transmission patterns. It's definitely a vector of leakage, but when I think about what the actual concern is, then I think it boils down to fingerprinting: I see that you received a lot of ciphertexts that were the same size as that other persons, so you are likely in a chat group. If I recall correctly, the InterMAC stuff was a bit complicated to implement, so I'd understand if you consider this out of scope. But maybe you can add some padding inside the ciphertext, so messages look more uniform?
Looking forward to any follow-ups :)
Oh and yeah, no compensation please.
hackergrrl
AljoschaMeyer
cblgh
The Cable Protocol is a new, proposed protocol specification. It's made up of two smaller protocols: the Cable Wire Protocol and the Cable Handshake Protocol.
The purpose of the Cable Protocol is to facilitate the setup of a secure connection between two members of a cabal chat, and the creation and sync of that cabal, by allowing peers to exchange cryptographically signed documents with each other, such as chat messages, spread across various user-defined channels.
For small edits, please consider using the github feature for "suggested changes": https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request
Thank you for reviewing our work!