cross-posted from: https://lemmy.ml/post/93192

It’s not finished or anything, but I want potential vulnerabilities brought to my attention as soon as possible.

  • Halce
    12 years ago

    Explicitly specifying that clients MUST use an elliptic curve Diffie-Hellman key exchange, but especially one that’s ephemeral.

    Then perhaps even provide links to some implementations in the spec directly, to ease adoption…

    For Rust, for example: https://docs.rs/x25519-dalek/1.2.0/x25519_dalek/

    • @Yujiri@lemmy.mlOP
      22 years ago

      I haven’t added that level of detail to the spec yet, especially since it could be subject to change anyway, but the implementation I’m currently using is the sodiumoxide crate (I’m aware it got marked as “deprecated” recently so I will look into replacing it with other crates eventually, but I thought that getting most of the protocol hammered out was more urgent than using a better library).