From 2000d12ea724e6c64c020795de51f149b5776c45 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 4 Aug 2021 11:20:07 +0100
Subject: [PATCH] PROTOCOL: note re nonce based auth being hard

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 PROTOCOL | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/PROTOCOL b/PROTOCOL
index 1a385c3..4c4472b 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -31,6 +31,7 @@ Authentication token is:
         HMAC(secret, <time_t in hex>)
 and the hash function is SHA256
 
+
 Possible future nonce-based authentication:
 
 server keeps big nonce counter for each client
@@ -39,4 +40,5 @@ meaning is:
 also server keeps bitmap of the previous ?64 nonces,
  whether client has sent them
 
-client picks.... xxx
+difficult because client-generated nonces would have to never go
+backwaards which basically means never-rewinding state on the client.
-- 
2.30.2