On Tue, Apr 29, 2014 at 11:53 PM, Colin Percival <cperc...@tarsnap.com> wrote:

> Code review follows.  If you prefer I can fix things myself, but since you did
> the first draft I figure I should give you the option. :-)
>

Thanks. A question before I start revising...


> Can't do that -- it would break backwards compatibility.  (I don't know if
> anyone is running with -f on one endpoint and not on the other, and if they
> are it's probably a mistake... but we still have to avoid any possibility
> that upgrading to a newer version of spiped will turn a working setup into
> a non-working setup.)
>
> Let's add a new option instead:
>         -g      Require perfect forward secrecy by dropping connections if the
>                 other host is using the -f option.
>

Ok.


>
> > + * is_zero_or_one(x, len):
> > + * Returns non-zero if the big-endian value stored at (${x}, ${len}) is
> equal
> > + * to either 0 or 1.
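Review bot: the contract documented here for is_zero_or_one(x, len) does not cover ${len} == 0, where the buffer is empty and could be read as the value 0. State in the comment whether that case returns non-zero or whether callers must pass a non-zero length, so the check cannot be satisfied or skipped by accident.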
>
> This is wrong.  We need to detect 1; we don't need to detect 0.  (A validly
> signed 0 implies that someone who has the shared key is not following the
> protocol, in which case we've already lost.)
>

Isn't that an argument for detecting 0 even if -g isn't specified? It seems
to me to be better to drop connections which are detected to not be
conforming.
