Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

move X sent from Bob to Alice from step 2 to step 4b #37

Merged
merged 1 commit into from
May 4, 2018
Merged

move X sent from Bob to Alice from step 2 to step 4b #37

merged 1 commit into from
May 4, 2018

Conversation

r10s
Copy link
Collaborator

@r10s r10s commented May 4, 2018

see #33 from comments and reasons

hpk42
hpk42 reviewed May 4, 2018
View reviewed changes
source/new.rst

- in step 4 b) Bob's device adds group X to the encrypted part of the
'vc-request-with-auth' message, together with ``Bob_FP`` and the ``AUTH``
value from step 1.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could bob try to join a different group than the one he was invited for?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think, this depends on the implementation. In Delta, X is groupName+random64bitNumber, so i do not think this is possible. If, in other implementations, X are small, continuously increasing numbers, Alice could check if X matches the generated INVITENUMBER.
However, this seems to be independent from this change - if we would add X to step 2 (vg-request) - Alice has to do the same in step 3 then - and has even to fear that X could be modified by MitM.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, so there is a "human readable" group name and a (random) group code -- i guess the group name can change but the group code will stay, right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes.

@hpk42
Copy link
Collaborator

hpk42 commented May 4, 2018

isn't it funny how the PR only changes a few lines but the discussion spans pages already? :)

@r10s r10s changed the title move X sent from Bob to Alice from step 1 to step 4b move X sent from Bob to Alice from step 2 to step 4b May 4, 2018
@hpk42 hpk42 merged commit fc499d0 into master May 4, 2018
@azul azul deleted the move-x branch November 8, 2018 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hpk42 hpk42 hpk42 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@r10s @hpk42