[noise] Replacing TLS with noise

Naveen Nathan naveen at lastninja.net
Thu Dec 29 00:11:32 PST 2016

>    Hello everyone!
>    I'm looking into implementing a secure transport layer for communication
>    between micro services. I don't want TLS because I don't need x.509 and
>    all that stuff. I know that there's a proposal for TLS 1.3 to have a"keys
>    only" mode, but it's still not accepted and i'm not sure it will get into
>    standard.Keys are perfectly enough for me. But I also don't want to
>    invent a bicycle here and use as much already invented things as possible.
>    Maybe there's whatsapp's packet structure (the new one, with noise)
>    somewhere? Or maybe someone has already done such a protocol that I could
>    implement and be compatible?A 
>    Thanks in advance.

Presently there are only few known applications using Noise:
 * WhatsApp / Signal
 * Wireguard

The internals of Wireguard is pretty well specified in the whitepaper [1]
and uses the Noise_IK pattern. It aims for the simplicity of "ssh keys" model
but for VPN. But on top of the protocol itself is a tad bit of complexity
due to key-rollover and such. I would consider it as a reference, but
you will probably need to tailor an underlying messaging/transport protocol
to suit your needs - and probably give extra consideration to section 12
in the noise spec (Application Responsibilities).

- Naveen

[1]: https://www.wireguard.io/papers/wireguard.pdf

More information about the Noise mailing list