[noise] NoiseSocket rev2 draft

[Trevor Perrin]

I incorporated the recent list discussions about NoiseSocket, and fixed
some things Gerardo pointed out:

https://github.com/noiseprotocol/noisesocket_spec/blob/master/output/noisesocket.pdf


Substantive changes:

 - Clarified that padding is used with handshake payloads

 - Disallowed sending negotiation_data after the first round-trip, except
in retry case.  The length fields will still be present so negotiation_data
in these messages could be used later, but for now we should probably keep
things simple and not require people to think about and support
negotiation_data in every handshake message (and this isn't needed for NLS).

 - Changed prologue for the retry request / NoiseSocketInit3 case to cover
Alice's negotiation_data when she sends the retry message (which in NLS
contains the initial_protocol Alice is echoing from Bob's retry_protocol).
This might not be strictly necessary, if we require the server to state the
only retry protocol it will accept in its first response, so having the
client repeat this would be redundant, which is why I was initially
thinking of omitting it and requiring the retry negotiation_data to be
empty.

But for consistency, to support other negotiation_data fields, and to
provide more flexibility / interop with future extensions which might allow
more flexible retry options, I think it is probably best for Alice to
repeat the initial_protocol (in NLS) and have it bound into the prologue
(in NoiseSocket).

 - Removed API section

 - Marked this as 'official/unstable'


Editorial changes:
 - Added a table to clarify the different response cases, and some text
cleanup.
 - Switched to Alice and Bob terminology


I'd like to publish this next week, so would appreciate further thoughts or
PRs on the text.


Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180501/5538b764/attachment.html>