[noise] Proposal: certificate and private key format
Trevor Perrin
trevp at trevp.net
Wed Apr 20 11:33:59 PDT 2016
On Wed, Apr 20, 2016 at 4:11 AM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
> The Noise protocol's API specifies the use of bare public and private keys
> for arguments. While literally anything can be done with bare keys, they
> are likely to be unwieldy in practice for applications to manage.
>
> A better application-facing API might include functions
> SetPrivateKeyFile(filename, passphrase) and
> SetRemoteCertificateFile(filename).
>
> So, here's an idea I've been drafting for a few days:
>
> http://rweather.github.io/noise-c/cert_key_format.html

I think you'll find applications vary in:
 - preferred encoding (JSON, XML, Protobufs, etc.)
 - contents needed for any certificate - e.g. if a client is just
   contacting a pinned service, your "certificate" might be nothing more
   than a single signature from some offline key. 11 fields is probably
   overkill for a lot of cases.

That said, it's cool to see work on infrastructure atop Noise, I would
just keep it clear in APIs and libraries that this is a separate /
additional layer atop the Noise framework.

Trevor