[noise] Negotiation and 0-RTT

Alexey Ermishkin scratch.net at gmail.com
Fri Jul 7 13:36:39 PDT 2017

I agree it's worth specifying. As we are going to be the pioneers of the protocol, we'll try to implement everything that spec suggests

-----Original Message-----
From: Trevor Perrin [mailto:trevp at trevp.net] 
Sent: Saturday, July 8, 2017 1:14 AM
To: Alexey Ermishkin <scratch.net at gmail.com>
Cc: noise <noise at moderncrypto.org>
Subject: Re: [noise] Negotiation and 0-RTT

On Fri, Jul 7, 2017 at 7:24 PM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
> Seems reasonable, lgtm. However we might expect some servers just to 
> drop connections instead of explaining anything

My hope is we could convince servers that on encountering an unrecognized client_version they should send server_version=FFFFFFFF, giving the client a chance to try again (or close the connection).

Untested mechanisms like this often don't work when you need them.
And in general this shouldn't be needed, since clients should only send recognizable client_version (using negotiation_data to offer upgrades, and using 0-RTT encryption only with servers they know to support it).

However, if we could get servers to do this, they'd have a little more future-proofing.

I'd be inclined to try specifying it, and see what happens.


More information about the Noise mailing list