[noise] QUIC + Noise = nQUIC
Trevor Perrin
trevp at trevp.net
Sun Dec 16 20:23:39 PST 2018
On Tue, Dec 4, 2018 at 5:04 PM David Wong <davidwong.crypto at gmail.com> wrote:
>
> Hello,
>
> Mathias Hall-Andersen, Alishah Chator, Nick Sullivan and I just
> released our design mixing the QUIC protocol with the Noise protocol
> framework (instead of TLS 1.3)
>
> https://dl.acm.org/citation.cfm?id=3284854
Nice work, a few questions:
* You've focused on the IK handshake, how easily could this be
extended to other Noise handshake patterns? The efficiency reasons
for wanting QUIC transport seem pretty independent from the reasons
for choosing one Noise handshake or another.
* Is the double-ratcheting thing part of QUIC, or is that something
you did just for nQUIC? If the latter, I wonder if the complexity is
really justified, or if you could just use Noise's "rekey"
functionality.
* The paper discusses the rationale for choosing Noise if you've
already decided to use QUIC, but it doesn't give as much rationale for
choosing QUIC if you've already decided to use Noise. The paper says
"nQUIC is not intended for the traditional web setting", so for what
users or use cases do you think nQUIC might be useful, outside of the
web?
* The code is still listed as a work-in-progress, what is the status
of that? Also, any interest in creating a Noise extension spec for
this?
Trevor
More information about the Noise
mailing list