[noise] Some questions from a new user
Rhys Weatherley
rhys.weatherley at gmail.com
Thu Jun 29 18:48:55 PDT 2017
On Thu, Jun 29, 2017 at 9:51 AM, Paul F Fraser <paulf at a2zliving.com> wrote:
> Hi,
>
> I have been following this mail list for some time and am now ready to
> attempt to incorporate Noise into my network code.
>
> Brief explanation of my network-
>
> - Every node on the network has status data about every other node on
> the network including the public key. ( like blockchain, but not
> blockchain hashes etc.)
> - Users communicate with their node using mobile browser.
>
> From my limited understanding of Noise at this time my approach might be
> to use between nodes -
>
> - the Noise_KK pattern as public keys are already known.
> - use h, the handshake hash as PSK to remove the need for a
> handshake on resumption of a connection.
>
>
The handshake hash is a public value, known to eavesdroppers, so it isn't a
very good PSK. We're still working on the exact mechanism for generating a
PSK from one session to resume the next. There will still need to be a
handshake upon resumption (to get fresh ephemerals), but it could use a
shorter pattern.
Frankly, Noise sessions are so cheap to set up that resumption isn't needed
in many cases. TLS sessions are very slow to setup. Noise, not so much.
>
> A problem I am facing is the communication between a users mobile and
> their node.
>
> - SSL would be the obvious choice for this but would require an X509
> certificate (lets encrypt) tied to an Ip Address rather than domain name.
> - X509 certificates tied to Ip Addresses seem to be a problem.
>
> There has been quite a bit of discussion on this list about Noise and TLS.
>
> My question in this case-
>
> - is there any way currently available to use other than an X509
> certificate to secure the link between a mobile browser and in my case a
> jetty server?
> - preferably using Noise.
>
>
To secure a connection between two end-points, Noise only requires static
public keys (32 bytes in the case of DH=25519, 56 bytes in the case of
DH=448). Any kind of signing, certificate issuing, or proof of key
ownership, is currently out of bounds for Noise. The application decides
such policies. There is no standard certificate format yet. I proposed
one a while ago using a protobuf-based format rather than the X.509
format. It's still a work in progress.
XX can be used by the parties upon the first connection to swap static
public keys, with KK on follow-up connections. Alternatively, use Noise
Pipes which describes a more complete system for first-time / next-time
connections.
Comments appreciated.
>
> Finally, thanks to all the contributors to this technology, especially in
> my case, to Rhys for the Noise-Java code.
>
> -being fellow Australians, I can call him by his first name :-)
>
Thanks.
Cheers,
Rhys.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20170630/acdd359f/attachment.html>
More information about the Noise
mailing list