[noise] NoiseSocket and payload padding in handshake messages

Alexey Ermishkin scratch.net at gmail.com
Wed Apr 18 09:57:04 PDT 2018


I could do that but first need to sync with your latest changes. Could you make a PR please? 

-----Original Message-----
From: Trevor Perrin <trevp at trevp.net> 
Sent: Wednesday, April 18, 2018 9:46 PM
To: Alexey Ermishkin <scratch.net at gmail.com>
Cc: Nemanja Mijailovic <metalnem at mijailovic.net>; noise <noise at moderncrypto.org>
Subject: Re: [noise] NoiseSocket and payload padding in handshake messages

On Wed, Apr 18, 2018 at 2:35 PM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
> Should we just add a note on 2 bytes field in encrypted handshake payload or also accompany it with counting formulas?

We should definitely clarify section 2.3 here:

https://github.com/noiseprotocol/noisesocket_spec/blob/master/output/noisesocket.pdf

We could also clarify section 5 (API) as Nemanja suggested.  I'm not sure how useful the API section is turning out to be, we could also describe this section more clearly as a "recommendation" or remove it entirely.  Would be interesting to hear from other implementers or potential implementers what they think of the API.

Trevor



>
> -----Original Message-----
> From: Trevor Perrin <trevp at trevp.net>
> Sent: Wednesday, April 18, 2018 12:50 PM
> To: Alexey Ermishkin <scratch.net at gmail.com>
> Cc: Nemanja Mijailovic <metalnem at mijailovic.net>; noise 
> <noise at moderncrypto.org>
> Subject: Re: [noise] NoiseSocket and payload padding in handshake 
> messages
>
> On Tue, Apr 17, 2018 at 4:31 PM, Trevor Perrin <trevp at trevp.net> wrote:
>>
>> Let's take a moment to think about this and make sure we know what 
>> decision we're making, and why we're making it.
>
>
> I think I'm still in favor of having NoiseSocket padding (i.e. the 
> 2-byte "body_len" field) present in encrypted handshake payloads, as 
> well as transport payloads.
>
> Padding is useful here for the usual reason:  you might be encrypting 
> variable-length handshake payloads and want to hide the length.
>
> If we omitted NoiseSocket padding in handshake payloads then padding 
> could still be added at a higher level.  For example, we could add a 
> padding field into the NLS protobuf.  However it's easier to add 
> padding _after_ you've encoded the protobuf into bytes, rather than 
> guessing the length beforehand and dealing with things like varints.
>
> Also, since we decided padding made sense as a NoiseSocket 
> responsibility, it seems reasonable to apply padding consistently to 
> all the places where NoiseSocket encrypts variable-length payloads.
>
>
> Trevor
>



More information about the Noise mailing list