[noise] Simple 1-RTT protocol

Trevor Perrin trevp at trevp.net
Sat Jun 10 23:27:37 PDT 2017


On Sun, Jun 11, 2017 at 5:40 AM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
>
> I like the idea of describing the API, but it looks like you've dropped the previously "standardized" way of providing a list of supported ciphersuites. Does that mean we'll need to choose a default one?

I was thinking each application would choose its own curve+cipher+hash
as version=0.  So to interoperate, different implementations would
need some out-of-band agreement on what the versions mean.

To migrate to a different cipher or hash, you could assign the new
algorithms to version=1, then do the following:

 * To interop with old servers, client sends client_version=0, but
uses the options field to indicate support for version=1 (how this is
encoded is up to the application).  The server responds with
server_version=1.

 * To not interop with old servers, client sends client_version=1, and
server responds with server_version=1.

To migrate to a different elliptic curve, you would do similar to above, but:

 * To interop with old servers, send the new ephemeral inside the
options field (how this is encoded is up to the application).

 * To not interop with old servers, client sends client_version=1, and
only sends the new ephemeral.


I'm not sure this is the right choice, we'd be asking the application
to do more work with the "options" field, but that keeps the library's
responsibilities simple.

Trevor
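
The cipher/hash migration described in the message above, as an added sketch that is not part of the original message or of any Noise library. The options encoding (one byte per additionally supported version), the suite assignments and all function names are assumptions, since the message leaves those to the application.

```python
from dataclasses import dataclass

# Constructed registry: the out-of-band agreement on what each version means.
SUITES = {
    0: ("25519", "ChaChaPoly", "SHA256"),
    1: ("25519", "AESGCM", "BLAKE2b"),
}

@dataclass(frozen=True)
class ClientHello:
    client_version: int
    options: bytes = b""  # assumed encoding: each byte is one extra supported version

def client_hello(supported, interop_with_old):
    """Build the version fields of the client's first message."""
    if interop_with_old:
        # Speak the old version on the wire, advertise newer ones in options.
        oldest = min(supported)
        extra = bytes(sorted(v for v in supported if v != oldest))
        return ClientHello(oldest, extra)
    # No interop: announce only the newest version.
    return ClientHello(max(supported))

def server_select(hello, server_supported, parses_options=True):
    """Return server_version, or None when there is no common version.

    An old server does not understand the options field, so it only
    considers client_version (parses_options=False).
    """
    offered = {hello.client_version}
    if parses_options:
        offered |= set(hello.options)
    common = offered & set(server_supported)
    return max(common) if common else None

def client_accepts(hello, server_version):
    """Client-side check: the server must pick a version the client offered."""
    return server_version in ({hello.client_version} | set(hello.options))
```
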

