[noise] [NoiseSocket] First handshake message parsing questions
Trevor Perrin
trevp at trevp.net
Sun Feb 26 12:24:15 PST 2017
On Sun, Feb 26, 2017 at 12:09 PM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
> On Mon, Feb 27, 2017 at 5:52 AM, Alexey Ermishkin <scratch.net at gmail.com>
> wrote:
>>
>> For example: either one algorithm-aware "e" per whole message or each
>> sub-message must have its own "e".
>> What do you think?
>
>
> My preference is that each sub-message has its own "e". As far as I can
> tell, the only benefit is data compression. Saving 32 or 56 bytes isn't
> really worth the effort of making the parser more complex (it may be worth
> it for NewHope and other algorithms with very large keys).
I was thinking the client would send:
version with explicit 25519 ephemeral
version with implicit 25519 ephemeral
version with implicit 25519 ephemeral
...
version with explicit 448 ephemeral
version with implicit 448 ephemeral
version with implicit 448 ephemeral
...
That would save bytes in case you're offering, say, a 25519 public key
with several different ciphers.
But Rhys is probably right that for simplicity we should just have all
initial messages be explicit.
New versions can define new behavior, so we could always add support
for more-implicit versions later.
Trevor
More information about the Noise
mailing list