[noise] Padding & sending data during the handshake

Trevor Perrin trevp at trevp.net
Wed Mar 1 10:40:27 PST 2017


On Wed, Mar 1, 2017 at 8:44 AM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
> Sure, the code is here  https://github.com/go-noisetls/noisetls  sorry for its early quality.

At first glance, I wouldn't call it "NoiseTLS" because TLS is a distinct thing.


> 1) As for the application layer padding, not sure if we are talking about the same layer, but for example HTTP layer knows nothing about packet size which may not be fixed (if we a going to implement a renegotiation some day). So, the string "GET / HTTP/1.1" will always have the same size if we won't help at the packet layer.
> I know this looks weird, but we really looking forward to using REST http over noise
>
> So, my vote is for adding the "padding size" API parameter. Size 2 bytes, so it's a tiny overhead if you disable it.
>
> I have also never seen any application-layer paddings and have no idea of where would they be useful. When you know beforehand that all packets are a multiple of 1024 or 4096, it will definitely remove some amount of paranoia


I agree it's a tiny overhead, and easy to support for receiver.

I'm less sure what the API and code would look like for sender.  For
example, suppose:
 - the server responds to the GET with a 1 GB file
 - the server sends the file via a series of NoiseSocket.write() calls
with 2KB chunks
 - the server will like to pad the overall response size to the nearest 1 MB

How would all this work?  Maybe it would help to look at an API design
/ code samples.

> Sending "certificates" - also yes.  But in which message? NoiseXX first message is not authenticated in any way, what will be the rule of thumb? Together with "s" ?

Yep.

Trevor


More information about the Noise mailing list