[noise] Protocol Names
me at jake.su
Fri Jun 16 11:59:39 PDT 2017
Based off of the input from this conversation, I wrote up a draft PR for more explicit (but backwards-compatible) definitions for how a protocol name is constructed and parsed.
Does this reflect the general consensus so far?
> On May 27, 2017, at 12:31 AM, Jake McGinty <me at jake.su> wrote:
> As it stands, the current proposal for protocol name formatting leaves open some ambiguities and complications for implementers. Mainly:
> * "Noise_XXpsk0+fallback_25519_AESGCM_SHA256" and “Noise_XXfallback+psk0_25519_AESGCM_SHA256” are identical from a protocol perspective. However, their handshake will fail, since the protocol name is used in the hash during initialization. Currently the spec doesn’t clarify on how to normalize differently-ordered-but-equivalent modifier sets.
> * Parsing “XXpsk0+fallback” compared to “XX+psk0+fallback” is more obnoxious to implement and more difficult to make forward-compatible (since right now you kind of have to assume there will never be modifiers that start with [IKNX]). I also personally find "XX+psk0+fallback” to be more readable, and also means in the spec we don’t have to say things like “handshake names will always be uppercase, and modifiers will always start with a lowercase character” in order to remain unambiguous.
> It seems to me there should be a rule about sorting modifiers before the protocol name thrown into the handshake hash, and that there should either be an unambiguous guideline on parsing the protocol name or we should separate all modifiers including the first one with a “+” to remain clear and simple.
> Noise mailing list
> Noise at moderncrypto.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Noise