<div dir="auto">Yes, I have been working on an implementation that includes a model of this, so it should be able to do this (as I want to do code generation rather than dynamic). Been making progress with it, hoping to have a releasable version fairly soon.</div><br><div class="gmail_quote"><div dir="ltr">On Tue, 17 Apr 2018, 17:43 Nemanja Mijailovic, <<a href="mailto:metalnem@mijailovic.net">metalnem@mijailovic.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space">It is a little tricky to support padding for handshake messages. You would have to calculate the whole Noise message length before deciding whether to apply padding, but the message sometimes includes static and ephemeral keys, where static keys can be encrypted or not, which depends on whether the cipher key was calculated in the current or previous message patterns, but it also depends on whether the handshake pattern is PSK or not.<div><div><div><br></div></div></div><div><div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">Nemanja</div>
</div>
<div><br><blockquote type="cite"><div>On Apr 17, 2018, at 6:40 PM, Justin Cormack <<a href="mailto:justin@specialbusservice.com" target="_blank" rel="noreferrer">justin@specialbusservice.com</a>> wrote:</div><br class="m_5581352990624674348Apple-interchange-newline"><div><div dir="auto"><div>I would assume that many protocols will not use the unencrypted messages for anything, so using them for padding seems natural (have been planning to do that for one use case). Encrypted ones can have framing information so they look much like normal messages so padding should be easy.<br><br><div class="gmail_quote"><div dir="ltr">On Tue, 17 Apr 2018, 17:31 Trevor Perrin, <<a href="mailto:trevp@trevp.net" target="_blank" rel="noreferrer">trevp@trevp.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, Apr 17, 2018 at 4:14 PM, Alexey Ermishkin <<a href="mailto:scratch.net@gmail.com" rel="noreferrer noreferrer" target="_blank">scratch.net@gmail.com</a>> wrote:<br>
> Hello everyone,<br>
> This is when padding was dropped from the handshake<br>
> <a href="https://moderncrypto.org/mail-archive/noise/2017/000931.html" rel="noreferrer noreferrer noreferrer" target="_blank">https://moderncrypto.org/mail-archive/noise/2017/000931.html</a><br>
<br>
Ah, I missed that, sorry.<br>
<br>
Let's take a moment to think about this and make sure we know what<br>
decision we're making, and why we're making it.<br>
<br>
On the one hand, I'm not sure why padding would be less-useful for<br>
handshake ciphertext than transport ciphertexts. On the other hand,<br>
maybe the structure of Noise libraries and the fact that handshake<br>
payloads are sometimes encrypted and sometimes not, makes this an<br>
awkward thing to support?<br>
<br>
Trevor<br>
_______________________________________________<br>
Noise mailing list<br>
<a href="mailto:Noise@moderncrypto.org" rel="noreferrer noreferrer" target="_blank">Noise@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/noise" rel="noreferrer noreferrer noreferrer" target="_blank">https://moderncrypto.org/mailman/listinfo/noise</a><br>
</blockquote></div></div></div>
</div></blockquote></div><br></div></blockquote></div>
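<div>The length calculation discussed in this thread, as an added example that is not code from any poster or Noise library: it walks a handshake pattern's tokens to find how many bytes each handshake message adds on top of its payload, then derives the padding needed to reach a target size. Assumptions: 25519 keys (DHLEN 32), a 16-byte AEAD tag, no pre-message "e" tokens, and hypothetical names <code>handshake_overheads</code> and <code>padding_for</code>.</div>

```python
DHLEN = 32       # assumed: Curve25519 public key length
TAGLEN = 16      # assumed: AEAD authentication tag length
MAX_MSG = 65535  # Noise limit on any single message

# Tokens per handshake message, as listed in the Noise specification.
PATTERNS = {
    "NN": [["e"], ["e", "ee"]],
    "XX": [["e"], ["e", "ee", "s", "es"], ["s", "se"]],
    "IK": [["e", "es", "s", "ss"], ["e", "ee", "se"]],
    "XXpsk3": [["e"], ["e", "ee", "s", "es"], ["s", "se", "psk"]],
}

def handshake_overheads(name):
    """Bytes each handshake message carries in addition to its payload."""
    is_psk = "psk" in name
    has_key = False  # True once the CipherState holds a key
    overheads = []
    for tokens in PATTERNS[name]:
        size = 0
        for tok in tokens:
            if tok == "e":
                size += DHLEN  # ephemeral keys are always sent in the clear
                # PSK handshakes also call MixKey(e), which sets a key.
                has_key = has_key or is_psk
            elif tok == "s":
                # Static key is encrypted only if a key exists at this point.
                size += DHLEN + (TAGLEN if has_key else 0)
            else:
                # ee, es, se, ss and psk all mix key material.
                has_key = True
        # The payload gets a tag if a key exists once all tokens are processed.
        size += TAGLEN if has_key else 0
        overheads.append(size)
    return overheads

def padding_for(name, index, payload_len, target):
    """Padding bytes to add to the payload so message `index` is `target` long."""
    if target > MAX_MSG:
        raise ValueError("target exceeds the Noise message size limit")
    pad = target - handshake_overheads(name)[index] - payload_len
    if pad < 0:
        raise ValueError("payload does not fit in the target size")
    return pad

if __name__ == "__main__":
    for pattern in PATTERNS:
        print(pattern, handshake_overheads(pattern))
```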