[noise] Noise_NN

Trevor Perrin trevp at trevp.net
Thu Apr 21 21:58:27 PDT 2016

On Thu, Apr 21, 2016 at 9:15 PM, david wong <davidwong.crypto at gmail.com> wrote:
> Heyo!
> (Sorry if this was discussed before as I'm one of the new comers :] )
> Shouldn't unauthenticated handshakes be dismissed from the specs?
> from 8.3. Interactive patterns:
> Noise_NN():
>   -> e
>   <- e, dhee

You can do authentication with channel binding on top of an
unauthenticated channel. (e.g. one or both parties sign the "h" value
/ the "handshake hash").  For layering reasons, there might be cases
where encryption is negotiated opportunistically, then applications do
authentication on top of it (e.g. the TCPcrypt idea).

Or, you could use a PSK for authentication, but use NoisePSK_NN to add

I'll add this to my growing list of things that could be explained better.


More information about the Noise mailing list