[noise] [NoiseSocket] First handshake message parsing questions
Trevor Perrin
trevp at trevp.net
Sun Feb 26 14:58:05 PST 2017
On Sun, Feb 26, 2017 at 2:19 PM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
> On Mon, Feb 27, 2017 at 6:24 AM, Trevor Perrin <trevp at trevp.net> wrote:
>>
>> I was thinking the client would send:
>>
>> version with explicit 25519 ephemeral
>> version with implicit 25519 ephemeral
>> version with implicit 25519 ephemeral
>> ...
>>
>> version with explicit 448 ephemeral
>> version with implicit 448 ephemeral
>> version with implicit 448 ephemeral
>> ...
>>
>> That would save bytes in case you're offering, say, a 25519 public key
>> with several different ciphers.
>>
>> But Rhys is probably right that for simplicity we should just have all
>> initial messages be explicit.
>
>
> Here's an alternative I thought of after sending my previous message:
>
> 0: XX_25519...AESGCM with explicit 25519 ephemeral
> 1: XX_25519...ChaChaPoly, duplicate 0
> ...
> 8: XX_448...AESGCM with explicit 448 ephemeral
> 9: XX_448...ChaChaPoly, duplicate 8
>
> For implicit sub-messages, the number of the previous sub-message "e" that
> is being duplicated is given. Then the responder doesn't have to "just
> know" which of the previous messages is being implicitly duplicated.
Is that actually easier to parse than just having zero-length implicit
messages use the previous non-zero-length explicit message?
I would think looking up an explicit message by number is more
complicated than just always using the previous one?
> Duplicating the entire packet makes the scheme easier to extend to HFS: it's
> not just the "e" that is elided, but "e, f".
That makes sense.
(I'm still fine with leaving out implicit message support, or
including it, I think.)
Trevor
More information about the Noise
mailing list