[noise] Termination

david wong davidwong.crypto at gmail.com
Fri Apr 22 13:15:33 PDT 2016

There is little written about termination, in 12\. Application


> Termination: Applications must consider that a sequence of Noise
transport messages could be truncated by an attacker. Applications should
include explicit length fields or termination signals inside of transport
payloads to signal the end of a stream of transport messages.


and then in the following section:


> Termination: Preventing attackers from truncating a stream of transport
messages is an application responsibility. See previous section.


It sounds odd to me that the application running on top of Noise should be
preoccupied by network attacks (such as termination here). What's the
recommendation on how to do that? I'm not sure how protobuf works but if it's
a TLV-based encoding it should have a total length up from the start. What
about JSON-based messages? Should it include a length field right from the
start as well?




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160422/6a0ef6e4/attachment.html>

More information about the Noise mailing list