[noise] Branch: "imp"
Jason A. Donenfeld
Jason at zx2c4.com
Sun Nov 8 18:11:51 PST 2015
On Mon, Nov 9, 2015 at 3:02 AM, Trevor Perrin <trevp at trevp.net> wrote:
>> Okay, so if no prologue is specified, this doesn't change anything
>> substantively.
>
> You would still do an extra hash with a zero-length prologue.
Oh, right. It's h = HASH(h) in this case.
I have no use for a prologue, so I'll probably omit this extra hash
(unless it actually adds some cryptographic value).
>>, why not instead just augment the
>> handshake name specifier that's also used in MixHash (and ck)?
>
> Like discussed previously, there's potential IPR concerns in some
> cases of mixing data in the session key. Since I don't know what
> people will include in the prologue, I think it's safer to just mix it
> into the hash.
Ahh, right -- people might (ab)use it for including keys, which would
pose problems with IPR.
> But the Noise pipe protocol is a particular construct built on top of
> Noise messages, so for interop it's steering people towards this
> particular framing.
Ahh, okay - Noise Pipe is just one possible construction using the
sections above that. This was, in fact, clear from the document; I
just never read that part carefully enough before.
More information about the Noise
mailing list