[noise] Some questions from a new user

Rhys Weatherley rhys.weatherley at gmail.com
Thu Jun 29 18:48:55 PDT 2017

On Thu, Jun 29, 2017 at 9:51 AM, Paul F Fraser <paulf at a2zliving.com> wrote:

> Hi,
> I have been following this mail list for some time and am now ready to
> attempt to incorporate Noise into my network code.
> Brief explanation of my network-
>    - Every node on the network has status data about every other node on
>    the network including the public key. ( like blockchain, but not
>    blockchain hashes etc.)
>    - Users communicate with their node using mobile browser.
> From my limited understanding of Noise at this time my approach might be
> to use between nodes -
>    - the Noise_KK pattern as public keys are already known.
>    - use h, the handshake hash as  PSK  to remove the need for a
>    handshake on resumption of a connection.
The handshake hash is a public value, known to eavesdroppers, so it isn't a
very good PSK.  We're still working on the exact mechanism for generating a
PSK from one session to resume the next.  There will still need to be a
handshake upon resumption (to get fresh ephemerals), but it could use a
shorter pattern.

Frankly, Noise sessions are so cheap to set up that resumption isn't needed
in many cases.  TLS sessions are very slow to setup.  Noise, not so much.

> A problem I am facing is the communication between a users mobile and
> their node.
>    - SSL would be the obvious choice for this but would require an X509
>    certificate (lets encrypt) tied to an Ip Address rather than domain name.
>    - X509 certificates tied to Ip Addresses seem to be a problem.
> There has been quite a bit of discussion on this list about Noise and TLS.
> My question in this case-
>    - is there any way currently available to use other than an X509
>    certificate to secure the link between a mobile browser and in my case a
>    jetty server?
>    - preferably using Noise.
To secure a connection between two end-points, Noise only requires static
public keys (32 bytes in the case of DH=25519, 56 bytes in the case of
DH=448).  Any kind of signing, certificate issuing, or proof of key
ownership, is currently out of bounds for Noise.  The application decides
such policies.  There is no standard certificate format yet.  I proposed
one a while ago using a protobuf-based format rather than the X.509
format.  It's still a work in progress.

XX can be used by the parties upon the first connection to swap static
public keys, with KK on follow-up connections.  Alternatively, use Noise
Pipes which describes a more complete system for first-time / next-time

Comments appreciated.
> Finally, thanks to all the contributors to this technology, especially in
> my case, to Rhys for the Noise-Java code.
> -being fellow Australians, I can call him by his first name :-)



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20170630/acdd359f/attachment.html>

More information about the Noise mailing list