<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, May 12, 2016 at 2:34 PM, Trevor Perrin <span dir="ltr"><<a href="mailto:trevp@trevp.net" target="_blank">trevp@trevp.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On further thought, XR and SIGMA-R aren't that useful. They're almost<br>
the same as if the initiator just asked the responder to initiate an<br>
XX handshake.<br></blockquote><div><br></div><div>Except for the responder identity hiding. There may be a use for the responder being able to terminate the session with "Nope - not talking to you" when the initiator identifies themselves and are not on an approved whitelist. For example, a VPN ingress point on a company network for roving employees.<br><br>The responder will often be an unattended server running on a port, subject to potentially millions of automated hack attempts. The less the responder reveals about themselves to unknown entities before aborting the connection, the better. XR is the only pattern with this property.<br><br><div>Rather than focusing on the patterns or the SIGMA-whatever, I would focus on the use cases. What
are the top 5 use cases for Noise and what are the best patterns to
accomplish each with various initiator/responder privacy trade-offs? Live chat, VPN's, file encryption, ... ?<br></div><br></div><div>I don't in principle have a problem with removing XR, but there may be other patterns that are equally unhelpful.<br></div><div><br></div><div></div><div>Cheers,<br><br></div><div>Rhys.<br></div></div><br></div></div>