[noise] Revision 23 - clarifying validity rule

Trevor Perrin trevp at trevp.net
Mon Feb 22 17:23:27 PST 2016

The validity rule for patterns in 8.3 bullet 1 was too strict; it
would've disallowed the pattern discussed in 8.6 bullet 1:

 -> e, s, dhes, dhss

So I rewrote it to be more precise.  This has been a complicated bit
of text, but I think it's done now:

After performing a DH between a remote public key and any local
private key that is not a "fresh" ephemeral private key, the local
party must not send any payloads or static public keys, nor complete
the handshake, unless they have also performed a DH between a "fresh"
ephemeral private key and the remote public key. A "fresh" ephemeral
private key is one that was created by processing an "e" token when
sending a message (as opposed to an ephemeral private key passed in
during initialization).
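
Added example, not part of the original post or of the Noise specification: a small Python check of the rule above, applied to a single message sent by the initiator. It assumes that a token dhXY means a DH between the sender's X private key and the recipient's Y public key and that the recipient's public keys are already known; the function names and the preset_ephemeral parameter are hypothetical.

```python
# Added illustration; names are hypothetical, not from the Noise spec.
DH_TOKENS = {"dhee", "dhes", "dhse", "dhss"}


def parse(line):
    """Turn '-> e, s, dhes, dhss' into ['e', 's', 'dhes', 'dhss']."""
    return [t.strip() for t in line.replace("->", "").split(",") if t.strip()]


def check_sent_message(line, preset_ephemeral=False):
    """Check one initiator message against the validity rule.

    Assumption: 'dhXY' is DH(sender's X private key, recipient's Y public key).
    preset_ephemeral=True models an ephemeral passed in during initialization,
    which is never "fresh". Returns a list of (item_sent, uncovered_remote_keys).
    """
    fresh_e = False    # set once an "e" token is processed while sending
    fresh_dh = set()   # remote keys covered by a DH with the fresh ephemeral
    other_dh = set()   # remote keys used in a DH with any other local key
    violations = []

    def guard(item):
        uncovered = sorted(other_dh - fresh_dh)
        if uncovered:
            violations.append((item, uncovered))

    for tok in parse(line):
        if tok == "e":
            fresh_e = True           # ephemeral public keys are not restricted
        elif tok == "s":
            guard("s")               # sending a static public key
        elif tok in DH_TOKENS:
            local, remote = tok[2], tok[3]
            if local == "e" and not (fresh_e or preset_ephemeral):
                raise ValueError(f"{tok} before any local ephemeral exists")
            (fresh_dh if local == "e" and fresh_e else other_dh).add(remote)
        else:
            raise ValueError(f"unknown token {tok!r}")
    guard("payload")                 # payload goes out at the end of the message
    return violations


if __name__ == "__main__":
    for pattern in ("-> e, s, dhes, dhss", "-> e, dhss, s, dhes", "-> s, dhss"):
        print(pattern, check_sent_message(pattern) or "ok")
```

An empty list means the message satisfies the rule; each tuple names what would be sent too early and which remote key still lacks a DH with the fresh ephemeral.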

