[noise] A simple and safe TLS/TCP-like protocol
scratch.net at gmail.com
Fri Feb 3 13:08:11 PST 2017
We could get all the needed cipher suite info from the string but I still
don't like the idea of parsing strings. It's pretty easy to generate all
supported ciphersuite combinations which should not be many, and use hashes
instead. Or we could of course think of some binary serialization for
ciphersuite and pattern names.
From: alex at centromere.net [mailto:alex at centromere.net]
Sent: Saturday, February 04, 2017 1:23 AM
To: Alexey Ermishkin <scratch.net at gmail.com>
Cc: 'Trevor Perrin' <trevp at trevp.net>; 'Rhys Weatherley'
<rhys.weatherley at gmail.com>; 'noise' <noise at moderncrypto.org>
Subject: Re: [noise] A simple and safe TLS/TCP-like protocol
On 2017-02-03 15:06, Alexey Ermishkin wrote:
> We will also need to support different mechanisms like 0-RTT/IK/XK
> whatsoever whose count I guess will be multiplied by the amount of
> ciphercuites which looks like a too much work for a single byte.
> Another problem is that we'll have to say that "0 is
> Noise_XX_25519_ChaChaPoly_SHA256, 1 is foo, 2 is IK +
> Noise_XX_448_ChaChaPoly_SHA256 ". and keep the list somewhere.
> I personally think that relying on strings in security is a very, very
> bad idea, but maybe we should really use strings as it was intended by
> the spec? Or at least hash from that string as a ciphersuite ID. Same
> could be applied to patterns. It's 32/64 extra bytes per handshake
> message depending on how we'll treat those 2 strings, but it's
> something that could be described in one paragraph and does not need
> to be hardcoded
Are there any benefits to using strings other than not needing to maintain a
More information about the Noise