[noise] New draft: "noh2" branch

[Trevor Perrin]

More simplifying of "noh2" (revision 1):

https://github.com/trevp/noise/blob/noh2/noise.md


 * Removed the "transport flags" - explicit nonces and "stepping" the
key would have to be in an extension spec.

 * Simplified Split() function, and always call it after handshake.

 * Removed Reinitialize() function in favor of just calling Initialize()

 * Initialize h to all-zeros instead of empty, so handshake messages
are handled consistently

 * Removed "Noise_Box" as it's identical to "Noise_X" now, only give a
special name to "Pipe" as it's a "compound protocol" that uses XX and
IS.


I'll probably try some implementation in next week or so and see if
this turns smoothly into code.

As always, feedback welcome...

Trevor

On Tue, Aug 25, 2015 at 1:23 AM, Trevor Perrin <trevp at trevp.net> wrote:
> https://github.com/trevp/noise/blob/noh2/noise.md
>
>
> I think the "noh" branch was too abstract and confusing, so I've been
> simplifying in the "noh2" branch.  I'm happy with how this is coming,
> but please give feedback.  Otherwise I'll merge it in a week or two.
>
>
> Aside from clarifications and restructuring, substantive changes:
>
>  * Simplified the "branching" notion from "noh" into a "re-initialize" notion.
>
>  * Simplified end-of-stream handling to reduce crypto cost and
> information leak (there's a byte indicator inside the encryption).
>
>  * Simplified mixing of pre-shared key.
>
>  * Simplified naming
>
>  * Eliminated "Conventions" - either absorbed them into main protocol
> or discarded.
>
>  * Eliminated "Padding" and "Handshake extensions" - I assume
> application protocols will provide their own parsing layer of JSON or
> Protobufs or whatever, so the "end-to-end argument" suggests we
> shouldn't replicate this in the crypto layer.
>
>  * Defined "Box" and "Pipe" protocols as the mainstream options.  Use
> "dummy statics" for optional authentication and support a 0-RTT mode
> for pipes.
>
>
> Trevor