[noise] No "decrypt" function on cipher suites
Trevor Perrin
trevp at trevp.net
Wed Dec 17 12:38:19 PST 2014
On Wed, Dec 17, 2014 at 12:18 PM, Stephen Touset <stephen at squareup.com> wrote:
> Might make sense to explicitly specify this. What happens on a decryption failure (e.g., a bad authentication tag)?
Agreed should be more explicit.
To the specific question, I was thinking that any error handling for
pipes should be extremely simple: "If any error is detected, the party
should erase its cipher contexts and close the connection."
https://github.com/trevp/noise/wiki/Pipes
So for example, if there's an error you just close the TCP connection.
There's no attempt to provide cryptographic notice of the closure,
since that's not reliable in general.
The hope was to avoid any notion of alerts, close_notify, etc, since
that seems like part of TLS that adds a lot of complexity and doesn't
accomplish much.
Sorry that I haven't been more active in moving wiki contents into a
Markdown spec and finalizing it. There were a bunch of issues here
that I think need more consideration:
https://moderncrypto.org/mail-archive/noise/2014/000070.html
I'll try to do that and produce a better markdown candidate spec,
sometime in next several weeks.
Also, discussion is welcome on any of those points.
Trevor
More information about the Noise
mailing list