[noise] Use cases which don't fit Noise Pipes

Tony Arcieri bascule at gmail.com
Thu Feb 12 21:55:18 PST 2015


On Thu, Feb 12, 2015 at 9:22 PM, Trevor Perrin <trevp at trevp.net> wrote:

> Those could be good use cases.  I'd love to see in-depth analysis, if
> you (or anyone) has time:
>

I can try to sketch out a quick overview of the ones I really like.

Where Noise Pipes fit your typical TLS-style use cases, these protocols
would benefit from something that looks more like DTLS.

Additionally, some of them might prefer Axolotl-like 0 round-trip operation
if they can discover a peer's public key in advance.

*ZeroMQ*

- What is it?

http://zeromq.org/

A highly flexible brokerless messaging system supporting a wide range of
interaction patterns.

- Who's using it?

Lots of people: http://zeromq.org/docs:labs

Perhaps most notable in a crypto(-fail) context is SaltStack, a
Puppet/Chef-like configuration management platform, that infamously used an
RSA public exponent of 1 in their homebrew crypto because ZeroMQ didn't
support any encryption options at the time:
https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc

- What are the communication patterns?

ZeroMQ has an extremely diverse range of communication patterns that are
all fundamentally rooted in asynchronous messaging. There are so many
patterns I can't name them all off the top of my head, so really you should
just read the documentation:

http://zguide.zeromq.org/page:all

- What crypto do they have?

ZeroMQ supports an encryption protocol called CurveZMQ, independently
developed by Pieter Hintjens but adapted from djb's CurveCP:

http://curvezmq.org/

Unlike CurveCP, CurveZMQ uses TCP at layer 4 (as opposed to CurveCP's UDP
with a custom and not super-awesome decongestion algorithm) and includes
improvements to the key exchange protocol suggested by CodesInChaos. It is
probably the most common real-world usage of a CurveCP-like protocol.

*Cap'n Proto*

- What is it?

https://capnproto.org/

Both a re-envisioning of Google's Protocol Buffers as a serialization
format (providing zero-copy operation and various other improvements) and a
distributed RPC protocol that can be considered an improvement on CapTP,
which preserves many of the same features.

- Who's using it?

Cap'n Proto is primarily used as the foundation for https://sandstorm.io/
but implementations exist in many other languages, and it is generally
interesting to anyone who wants a distributed RPC system employing a
serialization format with a schema.

- What are the communication patterns?

Cap'n Proto employs a highly flexible asynchronous messaging system with
advanced promise pipelining features that eliminate network round-trips
commonplace in most other RPC protocols: https://capnproto.org/rpc.html

- What crypto do they have (or want)?

Cap'n Proto presently does not support encryption (besides hooks for doing
it yourself with your own transport encryption library). Kenton, the
author, has said he would like to build atop NaCl/libsodium.

From what I've heard from Kenton, he would like the minimal encryption
protocol needed to secure messages that otherwise derive their security
from CapTP-like protocols.

Cap'n Proto is highly focused on eliminating superfluous network
round-trips, so a protocol that does the same (i.e. Axolotl-like 0-round-trip
encryption between peers that can discover each other's keys through
other peers) would be the preferred mode of operation.

*Consul/Serf*

- What is it?

https://www.consul.io/

A Zookeeper-like cluster management system, distributed lock service, and
key-value store. In addition to that, it can also perform health checks. It
seems pretty interesting.

- Who's using it?

I work at Square. We're interested in using it. I gather a number of other
companies are using Consul, but its maker HashiCorp does not publicly
advertise the users, so it's hard to gauge.

- What are the communication patterns?

Consul is a peer-to-peer system which runs an instance per host in a
distributed infrastructure. It uses two protocols for coordination:

   - SWIM: an eventually consistent replicated state machine for group
   membership: http://www.cs.cornell.edu/~asdas/research/dsn02-SWIM.pdf
   - Raft: a consensus algorithm that provides partition tolerance in the
   wake of byzantine failures

- What crypto do they have (or want)?

Consul supports TLS for client-server operation. However...

The gossip protocol is secured by a homebrew algorithm using NaCl/libsodium
primitives:

https://www.serfdom.io/docs/agent/encryption.html

All nodes encrypt asynchronous messages with a global preshared symmetric
key. That's it. I guess they recently added key rotation?

I can provide more examples if you'd like to dig deeper...

-- 
Tony Arcieri