[noise] NoiseSocket rev2 draft

Nemanja Mijailovic metalnem at mijailovic.net
Wed May 2 09:33:44 PDT 2018


I’ve implemented the new retry definition, and the new prologue calculation doesn’t add any additional complexity to the implementation. That also means my implementation is basically complete—you can find it at https://github.com/Metalnem/noisesocket <https://github.com/Metalnem/noisesocket> (I’ll write more about it in the separate topic in the following days).

Nemanja

> On May 1, 2018, at 6:49 PM, Nemanja Mijailovic <metalnem at mijailovic.net> wrote:
> 
> The spec looks much better now. I’m not yet sure what my opinion is on the retry request prologue changes, so I’ll first implement the new definition in the following 2-3 days before giving my final feedback on that.
> 
> Nemanja
> 
>> On May 1, 2018, at 11:46 AM, Trevor Perrin <trevp at trevp.net <mailto:trevp at trevp.net>> wrote:
>> 
>> 
>> I incorporated the recent list discussions about NoiseSocket, and fixed some things Gerardo pointed out:
>> 
>> https://github.com/noiseprotocol/noisesocket_spec/blob/master/output/noisesocket.pdf <https://github.com/noiseprotocol/noisesocket_spec/blob/master/output/noisesocket.pdf>
>> 
>> 
>> Substantive changes:
>> 
>>  - Clarified that padding is used with handshake payloads
>> 
>>  - Disallowed sending negotiation_data after the first round-trip, except in retry case.  The length fields will still be present so negotiation_data in these messages could be used later, but for now we should probably keep things simple and not require people to think about and support negotiation_data in every handshake message (and this isn't needed for NLS).
>> 
>>  - Changed prologue for the retry request / NoiseSocketInit3 case to cover Alice's negotiation_data when she sends the retry message (which in NLS contains the initial_protocol Alice is echoing from Bob's retry_protocol).  This might not be strictly necessary, if we require the server to state the only retry protocol it will accept in its first response, so having the client repeat this would be redundant, which is why I was initially thinking of omitting it and requiring the retry negotiation_data to be empty.
>> 
>> But for consistency, to support other negotiation_data fields, and to provide more flexibility / interop with future extensions which might allow more flexible retry options, I think it is probably best for Alice to repeat the initial_protocol (in NLS) and have it bound into the prologue (in NoiseSocket).
>> 
>>  - Removed API section
>> 
>>  - Marked this as 'official/unstable'
>> 
>> 
>> Editorial changes:
>>  - Added a table to clarify the different response cases, and some text cleanup.
>>  - Switched to Alice and Bob terminology
>> 
>> 
>> I'd like to publish this next week, so would appreciate further thoughts or PRs on the text.
>> 
>> 
>> Trevor
>> 
>> _______________________________________________
>> Noise mailing list
>> Noise at moderncrypto.org <mailto:Noise at moderncrypto.org>
>> https://moderncrypto.org/mailman/listinfo/noise
> 
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180502/1e4cd436/attachment.html>


More information about the Noise mailing list