[noise] Session identifiers
Alex
alex at centromere.net
Mon Apr 18 21:03:08 PDT 2016
On Mon, 18 Apr 2016 20:46:22 -0700
Trevor Perrin <trevp at trevp.net> wrote:
> But again, I don't think this secrecy is necessary - for the uses /
> requirements on TLS channel bindings in, say, RFC 5056, I believe you
> could just as well use the handshake hash directly, like Noise does.
> That's nice and simple, and doesn't add any new machinery, so I like
> the current Noise design.
>
Trevor,
Would you consider the `h` value from the SymmetricState to be useful
to end-users of a Noise library? Would it be valid/safe to for them to
use it as a session identifier which can be signed for authentication
in at a higher level?
Or do you think that authentication at a higher level is redundant
because Noise already provides such a facility in many of the
handshakes?
--
Alex
More information about the Noise
mailing list