[noise] Padding & sending data during the handshake

Alexey Ermishkin scratch.net at gmail.com
Wed Mar 1 05:59:07 PST 2017

Good news - I implemented Noise Socket as per draft which supports
negotiation, XX and IK. It is an "honest" implementation which initializes
as many HandshakeStates as all combinations of ciphersuites and patterns (8
for XX, 8 for IK in my case)

HTTPS over my NoiseSocket implementation runs at the same speed or a bit
faster (5%) than TLS 1.2. But of course it's still too early to make

2 more questions I'd like to discuss are:

1) Padding. Do we want one? I thought about adding to the beginning of every
transport packet contents:  <2 bytes len bytes to skip> <len bytes zeroes>
to achieve multiples of 1024 or whatever
2) Do we really want to allow sending transport data inside handshake
payloads ? It will at least mess with future handshake parameters. It will
also depend on the pattern at which stage can we safely send anything. I
know about the comparison table in the Noise spec but anyway, worth

More information about the Noise mailing list