[noise] A simple and safe TLS/TCP-like protocol

Alexey Ermishkin scratch.net at gmail.com
Fri Feb 3 13:08:11 PST 2017


We could get all the needed cipher suite info from the string but I still
don't like the idea of parsing strings. It's pretty easy to generate all
supported ciphersuite combinations which should not be many, and use hashes
instead. Or we could of course think of some binary serialization for
ciphersuite and pattern names.

-----Original Message-----
From: alex at centromere.net [mailto:alex at centromere.net] 
Sent: Saturday, February 04, 2017 1:23 AM
To: Alexey Ermishkin <scratch.net at gmail.com>
Cc: 'Trevor Perrin' <trevp at trevp.net>; 'Rhys Weatherley'
<rhys.weatherley at gmail.com>; 'noise' <noise at moderncrypto.org>
Subject: Re: [noise] A simple and safe TLS/TCP-like protocol

On 2017-02-03 15:06, Alexey Ermishkin wrote:
> We will also need to support different mechanisms like 0-RTT/IK/XK 
> whatsoever whose count I guess will be multiplied by the amount of 
> ciphercuites which looks like a too much work for a single byte.
> Another problem is that we'll have to say that "0 is 
> Noise_XX_25519_ChaChaPoly_SHA256, 1 is foo, 2 is IK +
> Noise_XX_448_ChaChaPoly_SHA256 ". and keep the list somewhere.
> 
> I personally think that relying on strings in security is a very, very 
> bad idea, but maybe we should really use strings as it was intended by 
> the spec? Or at least hash from that string as a ciphersuite ID. Same 
> could be applied to patterns. It's 32/64 extra bytes per handshake 
> message  depending on how we'll treat those 2 strings, but it's 
> something that could be described in one paragraph and does not need 
> to be hardcoded
> 

Are there any benefits to using strings other than not needing to maintain a
central registry?



More information about the Noise mailing list