[noise] DPI

Trevor Perrin trevp at trevp.net
Sun Jul 5 17:45:34 PDT 2015


On Sun, Jul 5, 2015 at 2:30 PM, Alex <alex at centromere.net> wrote:
> Is the ability to avoid DPI fingerprinting orthogonal to the goals of Noise?

Haven't thought much about that.

Noise messages should be close to random except for:
 - unencrypted public keys (ephemeral public keys are always
unencrypted, and the Curve25519 public keys will always have the high
bit clear)
 - the prologue byte
 - any other framing, e.g. Noise would need some additional length
fields if used over TCP

The public keys could be mostly taken care of by defining a
ciphersuite that encodes public keys to random strings (protocols that
repeatedly send the same static public key in clear might still be
detectable).

It might be possible to have an option to XOR keystream with all
plaintext fields.  The keystream could be generated from k similarly
to GETKEY(), but we wouldn't do a full authenticated-encryption of
each of these fields, this would just be a lightweight masking for
censorship-circumvention.

Not sure if this is worth it, though.

Trevor

