[noise] Versioning (was Re: Noise Certificates?)

Tony Arcieri bascule at gmail.com
Tue Jul 29 19:56:37 PDT 2014

On Tue, Jul 29, 2014 at 7:10 PM, Trevor Perrin <trevp at trevp.net> wrote:

> I think having *version* negotiation for an entire protocol is useful,
> so you can migrate to new versions which might include any change.
> I've been assuming that would be handled outside the noise core, i.e.
> the client might prefix its first message with a version number or
> something.
> But arguably we should do more to support versioning.  It would be
> good if anyone trying to create a "real" protocol around this could
> think about this and see what would work for them.

+1 to versioning. Arguably this (i.e. cipher agility) doesn't happen very
often. We may have just seen it with the move from RC4 -> AES-GCM, but even
that was something of an oddity as it was precipitated by a move from AES
-> RC4 due to TLS's lack of a Noise Box-like primitive and attacks like
BEAST (so use an authenticated stream cipher and call it good?).

All that said, I would strongly be in favor of Noise having some mechanism
for the server to signal the client that they're using a vulnerable
protocol and that connections for the version they're attempting to use are
unacceptable and they should upgrade.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20140729/7a55395d/attachment.html>

More information about the Noise mailing list