[noise] Explicit nonces (for lossy transports)

Jake McGinty me at jake.su
Mon Jun 12 23:25:15 PDT 2017

I haven't written any drafts but I'm willing to take the plunge for a
first draft to get the ball rolling.
Maybethe simplest setup would be to leave the handshake itself unchanged
and instead define an ExplicitNonceCipherState which encapsulates all
the logic needed? The extension would just specify that Split() will
break into two of these instead of the default CipherState.
Applications would be responsible for ensuring the order and integrity
of the handshake messages before noise reaches the transport state.
On Mon, Jun 12, 2017, at 09:52 AM, Trevor Perrin wrote:
> On Mon, Jun 12, 2017 at 12:34 PM, Jake McGinty <me at jake.su> wrote:
> > Right now, the Noise spec is unusable for applications that work
> > better> > over lossy transports (gaming or video chat) due to the fact that
> > CipherState only works with an implicit nonce, so dropped and out-of-> > order packets won’t fare well.
> Sure!, definitely worth exploring, e.g. it would be fun to think about> DTLS/SRTP alternatives for WebRTC.
> It would be easy to link something from the Wiki if you had a draft.
> I haven't looked at this part of WireGuard that much, so I'm not sure> what else might be needed (e.g., how do you deal with packet loss
> during handshake?).
> Of course you should talk to WireGuard about their experiences, and
> see if this could align with them and be useful for them, too.
> Trevor

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20170612/5caee758/attachment.html>

More information about the Noise mailing list