soatok / mastodon-e2ee-specification

Soatok's Proposal for End-to-End Encryption in Mastodon
https://soatok.blog/2022/11/22/towards-end-to-end-encryption-for-direct-messages-in-the-fediverse/
GNU Affero General Public License v3.0

Prioritize non-NIST Cryptography #5

Closed. soatok closed this issue 1 year ago.

soatok commented 1 year ago

If you want to fork this proposal to sell to a government, you're more than welcome to use AES and other algorithms instead of ChaCha20.

kyanha commented 1 year ago

To fork this proposal in a way that's interoperable (in the "I don't know the algorithm for this message" graceful failure manner), a versioning scheme must be part of the eventual specification. (Also, non-US governments may have their own cipher suite requirements, so it's not all about NIST/CNSA.)

soatok commented 1 year ago

Indeed, versioning is already planned for the design. That's how I intend to support post-quantum cryptography in the near future, without having to block the proposal on NIST's work with PQC.

From Security Goals:

  1. Protocol Lucidity. All encrypted messages will be bound to a given context, to avoid Confused Deputy attacks. We will use versioned protocols instead of in-band negotiation, to avoid Algorithm Confusion attacks.
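The two points raised in this thread, a version field that lets a client fail gracefully on a message it cannot interpret, and a fixed version-to-algorithm mapping instead of in-band negotiation, can be shown in a small envelope format. The following is an added example written for this page, not code from the proposal or its repository. It uses standard-library HMAC as a stand-in for the AEAD the proposal would actually use, so that it runs offline; the suite registry, the domain-separation label and the wire layout are assumptions for illustration only.

```python
"""Versioned envelope with context binding (illustrative, stdlib only).

The leading version byte selects one fixed primitive set from a registry
the implementation controls; the message itself never names an algorithm,
so a peer cannot steer the receiver toward a weaker one. Unknown versions
fail closed with a distinct error ("I don't know this version") rather
than a generic failure. HMAC stands in for the AEAD a real design uses.
"""
import hmac
import struct

# Hypothetical registry: version -> (hash for HMAC, tag length in bytes).
# A real implementation would map versions to AEAD suites such as
# ChaCha20-Poly1305; these are assumed values for the example.
SUITES = {
    1: ("sha256", 32),
    2: ("sha512", 64),
}

# Hypothetical domain-separation label; any fixed, unique string works.
DOMAIN_LABEL = b"mastodon-e2ee-example-v"


class UnsupportedVersion(ValueError):
    """Version byte not in SUITES: the graceful 'unknown algorithm' path."""


class InvalidTag(ValueError):
    """Authentication failed: wrong key, wrong context, or tampering."""


def _domain(version: int, context: bytes) -> bytes:
    """Bind the tag to protocol version and conversation context.

    The context (e.g. a conversation id) is never sent on the wire; both
    sides already know it, so a message replayed into another
    conversation cannot verify there (Protocol Lucidity goal).
    """
    return (DOMAIN_LABEL + struct.pack(">B", version)
            + struct.pack(">H", len(context)) + context)


def seal(key: bytes, version: int, context: bytes, payload: bytes) -> bytes:
    """Produce: version(1) || payload_len(4) || payload || tag."""
    if version not in SUITES:
        raise UnsupportedVersion(f"unknown protocol version {version}")
    hash_name, tag_len = SUITES[version]
    framed = struct.pack(">I", len(payload)) + payload
    tag = hmac.new(key, _domain(version, context) + framed, hash_name).digest()[:tag_len]
    return struct.pack(">B", version) + framed + tag


def open_envelope(key: bytes, context: bytes, blob: bytes) -> bytes:
    """Verify and return the payload, or raise a specific error."""
    if len(blob) < 5:
        raise ValueError("truncated envelope")
    version = blob[0]
    if version not in SUITES:
        # Graceful failure: the receiver knows it is a newer/unknown version.
        raise UnsupportedVersion(f"unknown protocol version {version}")
    hash_name, tag_len = SUITES[version]
    (payload_len,) = struct.unpack(">I", blob[1:5])
    payload = blob[5:5 + payload_len]
    tag = blob[5 + payload_len:]
    if len(payload) != payload_len or len(tag) != tag_len:
        raise ValueError("truncated envelope")
    expected = hmac.new(key, _domain(version, context) + blob[1:5 + payload_len],
                        hash_name).digest()[:tag_len]
    # Constant-time comparison; the version byte is covered by the tag.
    if not hmac.compare_digest(expected, tag):
        raise InvalidTag("tag mismatch")
    return payload


def try_open(key: bytes, context: bytes, blob: bytes) -> tuple:
    """Helper for demonstrations: ('ok', payload) or ('rejected', error name)."""
    try:
        return ("ok", open_envelope(key, context, blob))
    except ValueError as exc:  # UnsupportedVersion and InvalidTag subclass ValueError
        return ("rejected", type(exc).__name__)


if __name__ == "__main__":
    key = b"\x11" * 32                       # constructed sample key
    blob = seal(key, 1, b"conversation-42", b"hello")
    print(try_open(key, b"conversation-42", blob))          # ('ok', b'hello')
    print(try_open(key, b"conversation-43", blob))          # rejected: InvalidTag
    print(try_open(key, b"conversation-42", b"\x09" + blob[1:]))  # UnsupportedVersion
```

Because the version byte is both the registry key and part of the authenticated input, flipping it to another supported version does not produce a message that verifies under that version's suite, and flipping it to an unregistered value is reported as an unsupported version rather than as corruption. That distinction is what lets a newer client speak to an older one without the older one misinterpreting the failure.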