[noise] Noise Certificates?

Trevor Perrin trevp at trevp.net
Tue Jul 29 16:39:05 PDT 2014


On Tue, Jul 29, 2014 at 3:03 PM, Stephen Touset <stephen at squareup.com> wrote:
> For current typical server-authenticated communications, it’s easy to imagine Noise clients using cert pinning to authenticate the identity of the server. But for mutually-authenticated or client-authenticated channels, it’s often infeasible for a server to have a list of allowed client public keys in advance.
>
> Do you have any plans to amend the Pipe proposal to allow for the inclusion of certificates (during the pipe handshake, presumably)? Or do you intend for users of Noise to solve this problem (if needed) on their own?

Certs could be included in the client and server noise boxes.

I think the core protocol should be indifferent to cert format,
because people might want different things (X.509, homegrown XML /
JSON objects, etc).

Jonathan mentioned an SPKI format:
https://moderncrypto.org/mail-archive/noise/2014/000034.html

SPKI's cool in theory but never really took off.  RFC 2693 is a great
read if you haven't done so.

I don't think a cert format should be standardized in the Noise core
(which should probably just be boxes and pipes), but if people wanted
to build out infrastructure around this like certs, resumption, etc.,
that seems fine to discuss here.


Trevor

