[noise] Branch: "imp"

Trevor Perrin trevp at trevp.net
Sun Nov 8 18:02:47 PST 2015 

On Sun, Nov 8, 2015 at 5:42 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Sat, Nov 7, 2015 at 7:31 PM, Trevor Perrin <trevp at trevp.net> wrote:
>>  - Added notion of a "prologue" byte-sequence.  MixHash(prologue) is
>> called during initialization:  "may be zero-length, or which may
>> contain context information that both parties want to confirm is
>> identical, such as protocol or version negotiation messages sent
>> previously".
>
> Okay, so if no prologue is specified, this doesn't change anything
> substantively.

You would still do an extra hash with a zero-length prologue.


> But now it's an available option. Cool. Using it,
> though, hampers interopability. And so, in that case, since
> interopability doesn't matter

Implementations could still interop, you'd just have to specify the
prologue on both sides.


>, why not instead just augment the
> handshake name specifier that's also used in MixHash (and ck)?

Like discussed previously, there's potential IPR concerns in some
cases of mixing data in the session key.  Since I don't know what
people will include in the prologue, I think it's safer to just mix it
into the hash.


>>    - Clarified that Noise pipes should use 1-byte type, 2-byte length,
>> so that we can get interoperable Noise pipes as the default Noise use.
>
> This seems like a rather substantive change:
>
> +So that Noise pipes can be used with arbitrary lower-level protocols, handshake
> +messages are sent with the `type` byte followed by a 2-byte big-endian length
> +field, followed by the Noise handshake message. Transport messages are sent
> +with only the 2-byte length field, followed by the Noise tranport message.
>
> I'm using a 1 byte type parameter already, but as discussed repeatedly
> in the past, I have no use for the length parameter, since I have the
> IP/UDP headers already doing that. Is it okay for me to deviate from
> the spec? And if so, could this then be a mere suggestion, rather than
> a mandated substantive change?

It's not mandated for using Noise messages / handshakes.  You can use
Noise_IK with whatever type/length framing you want.

But the Noise pipe protocol is a particular construct built on top of
Noise messages, so for interop it's steering people towards this
particular framing.

Trevor

More information about the Noise mailing list