[noise] Noise_NN
Trevor Perrin
trevp at trevp.net
Thu Apr 21 21:58:27 PDT 2016
On Thu, Apr 21, 2016 at 9:15 PM, david wong <davidwong.crypto at gmail.com> wrote:
> Heyo!
>
> (Sorry if this was discussed before as I'm one of the new comers :] )
> Shouldn't unauthenticated handshakes be dismissed from the specs?
>
> from 8.3. Interactive patterns:
>
> Noise_NN():
> -> e
> <- e, dhee
You can do authentication with channel binding on top of an
unauthenticated channel. (e.g. one or both parties sign the "h" value
/ the "handshake hash"). For layering reasons, there might be cases
where encryption is negotiated opportunistically, then applications do
authentication on top of it (e.g. the TCPcrypt idea).
Or, you could use a PSK for authentication, but use NoisePSK_NN to add
forward-secrecy.
I'll add this to my growing list of things that could be explained better.
Trevor
More information about the Noise
mailing list