[noise] Protocol Names
Jake McGinty
me at jake.su
Fri May 26 09:31:24 PDT 2017
As it stands, the current proposal for protocol name formatting leaves open some ambiguities and complications for implementers. Mainly:
* "Noise_XXpsk0+fallback_25519_AESGCM_SHA256" and “Noise_XXfallback+psk0_25519_AESGCM_SHA256” are identical from a protocol perspective. However, their handshake will fail, since the protocol name is used in the hash during initialization. Currently the spec doesn’t clarify on how to normalize differently-ordered-but-equivalent modifier sets.
* Parsing “XXpsk0+fallback” compared to “XX+psk0+fallback” is more obnoxious to implement and more difficult to make forward-compatible (since right now you kind of have to assume there will never be modifiers that start with [IKNX]). I also personally find "XX+psk0+fallback” to be more readable, and also means in the spec we don’t have to say things like “handshake names will always be uppercase, and modifiers will always start with a lowercase character” in order to remain unambiguous.
It seems to me there should be a rule about sorting modifiers before the protocol name thrown into the handshake hash, and that there should either be an unambiguous guideline on parsing the protocol name or we should separate all modifiers including the first one with a “+” to remain clear and simple.
Thoughts?
More information about the Noise
mailing list