[noise] Cap'n Proto case (was: Potential redesign?)

Trevor Perrin trevp at trevp.net
Thu Mar 26 16:40:15 PDT 2015


On Thu, Mar 26, 2015 at 4:32 PM, Trevor Perrin <trevp at trevp.net> wrote:
> On Wed, Mar 25, 2015 at 3:42 PM, Kenton Varda <kenton at sandstorm.io> wrote:
>>>
>>> But if it's true that processes have "static" keys of a day or less,
>>> you could possibly get by with just Nacl-style boxes (BoxSS), where
>>> you encrypt directly based on static-static DH keys, and live with
>>> forward-secrecy windows of < day (due to static key replacement).
>>
>>
>> Thanks, that was my feeling.
>>
>> Though now I am thinking of some other ideas...
>>
>> When Alice introduces Bob to Carol, Alice could generate a random symmetric
>> key sent to both parties. Bob and Carol would use this key as an additional
>> seed for their PRF chains.
>
> Works for introductions, that's sort of Kerberos, but:
>  - How does Alice open sessions with Bob and Charlie in first place?
> It can't be introductions all the way down, being able to connect
> based on public key seems desirable somewhere?
>  - Using DH means Alice can't read Bob and Charlie's traffic, seems
> like a nice if not necessary property

Mm, also your introduction keys make it harder for Bob to make further
introductions to Charlie without contacting Charlie (I think) which
was one of your goals..

Trevor


More information about the Noise mailing list