On Tue, Apr 29, 2014 at 11:53 PM, Colin Percival <cperc...@tarsnap.com> wrote:
> Code review follows. If you prefer I can fix things myself, but since you
> did the first draft I figure I should give you the option. :-)
>

Thanks. A question before I start revising...

> Can't do that -- it would break backwards compatibility. (I don't know if
> anyone is running with -f on one endpoint and not on the other, and if they
> are it's probably a mistake... but we still have to avoid any possibility
> that upgrading to a newer version of spiped will turn a working setup into
> a non-working setup.)
>
> Let's add a new option instead:
>   -g    Require perfect forward secrecy by dropping connections if the
>         other host is using the -f option.
>

Ok.

>
> > + * is_zero_or_one(x, len):
> > + * Returns non-zero if the big-endian value stored at (${x}, ${len}) is
> equal
> > + * to either 0 or 1.
>
> This is wrong. We need to detect 1; we don't need to detect 0. (A validly
> signed 0 implies that someone who has the shared key is not following the
> protocol, in which case we've already lost.)
>

Isn't that an argument for detecting 0 even if -g isn't specified? It seems to me to be better to drop connections which are detected to not be conforming.
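
Review bot: in the is_zero_or_one doc comment, a single predicate covers two values that this review treats differently (1 is what the -g check needs, 0 is a separate conformance question), so a caller cannot tell which value matched. Consider separate checks, or a return value that distinguishes the two cases, and have the comment state what is returned when ${len} is 0.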