[noise] [Noise socket] Ambiguity of keys & certs
Alexey Ermishkin
scratch.net at gmail.com
Thu Mar 16 02:43:35 PDT 2017
For now, while using curve 25519 & 448 we can just take a cert (we actually
have a kind of ed25519 certs which public keys can be converted to
curve25519) and compare "rs" to the one, supplied in cert. Will work ok for
the version 1.
But in future it's obvious that sending static key twice & its comparison
with cert's internals is not what we are supposed to do. Especially when
using other classic curves with different point encoding techniques and PQC
with their huge public keys.
Right now Noise spec only specifies DHLEN constant which stands for both
public key length and DH results and it will definitely not be true for PQC.
How about extending this to something more flexible like ReadDH/WriteDH? The
concrete implementation would take care of serialization details and could
optinally provide an interface for cert validation. May be useful for "e"
keys as well as static keys.
More information about the Noise
mailing list