Regarding `gemini://` over NaCl (replacing TLS)

Ciprian Dorin Craciun ciprian.craciun at gmail.com
Tue Mar 3 19:24:17 GMT 2020


On Tue, Mar 3, 2020 at 2:20 PM Ciprian Dorin Craciun
<ciprian.craciun at gmail.com> wrote:
> ####  The part about other alternatives
>
> I've found the following project that also does a "state-of-the-art"
> analysis (though granted in 2015):


Another interesting approach is CurveCP (designed by Daniel J. Bernstein):
* http://www.curvecp.org/
* http://www.curvecp.org/security.html
* http://www.curvecp.org/packets.html -- especially interesting to read

However it has a few drawbacks:
* it is not yet widely implemented except in C;
* it does not use TCP, but instead UDP;
* it requires that the client knows beforehand the signing public key
of the server;

On the flip side, especially looking at the packets document, the
specification is extremely simple, both to understand and implement.
(The most complex part of that specification is the nonce
handling...)




> ####  About my previous proposal
>
> I'll have to think harder about it (within my limited cryptographic
> expertise), and perhaps submit it to a cryptographers community for
> feedback.


In the interim I've reverse engineered the crypto primitives used by
`libsodium` (it wasn't hard, but I had to do it):

* https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/documentation/libsodium-internals.md


Then I've created a nice diagram of what happens in the proposed protocol:

* https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/documentation/diagrams/protocol-v1.png
* https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/documentation/diagrams/protocol-v1.svg




> At the moment I can see only a minor privacy flaw in it:  the client
> discloses its identity (and proof of identity) to any server;  instead
> it should first wait for the server to disclose its identity (and
> proof of identity) before proceeding.

I've "fixed" that by making the server authenticate itself first.


Next I'll try to submit this proposal to a cryptographers community to
receive some feedback.

Ciprian.

