[noise] New revision: "noh2" branch, revision 3

Tiffany Bennett tiffany at stormbit.net
Tue Sep 1 06:12:22 PDT 2015


I don't like the 65536 byte message length limit. It introduces an
unnecessary number of additional messages into a noise box, and I
don't see much reason for it. Chacha and AES-GCM are already
random-access, so you don't need to parcel the message into chunks in
order to read only a part of it, you just have to check the
authenticator tag. If you do actually need to access only a part of a
message, then it might make more sense to use a Merkle tree. Chunked
messages can still be used, but I don't think there should be an
enforced maximum size.

On Tue, Sep 1, 2015 at 4:38 AM, Trevor Perrin <trevp at trevp.net> wrote:
> https://github.com/trevp/noise/blob/noh2/noise.md
>
> Based partly on discussions with Tiffany and Jason, I moved the type /
> length fields out of the core protocol into a section on "Application
> Responsibilities".
>
> I'm changing my mind on this partly because it enables other
> simplifications - since the Session object is no longer responsible
> for framing transport messages it now only has a role in the
> Handshake, so I renamed it to HandshakeState and use the kernel
> directly for transport messages (renaming the kernel to CipherState).
>
> But I think this is a sensible division in other ways - e.g. the
> framing data isn't cryptographically important, so it's better to keep
> the "trusted base" of crypto code as simple as possible.
>
> Note this isn't "substantive" - doesn't affect bytes on wire.  But I
> also simplified naming for handshakes and protocols, which does
> substantively affect Noise Pipes.
>
> Other presentation changes:
>  - Added "Application Responsibilities" section to discuss framing,
> termination, extensions, padding
>  - Changed Session object to a HandshakeState and Kernel to a
> CipherState - after the Handshake the CipherState is used directly to
> encrypt, instead of keeping the Session around
>  - More renaming: DH functions / cipherset -> DH parameters, cipher
> parameters, EncryptHandshakeData -> ConditionalEncryptAndMixHash
>  - Rewrote overview
>
> Trevor
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise


More information about the Noise mailing list