[noise] Transport protocol spec finalizing

Alexey Ermishkin scratch.net at gmail.com
Thu Jul 13 04:07:43 PDT 2017

I thought of it a little bit more and looks like we cannot legally use negotiation_data in the second and third messages until Noise will specify a mechanism of hashing additional data into the handshake state. So for v1 we will fix them to 2 zero bytes. An exception will be done for case when server_version != client_version, then the negotiation_data from the second message goes into the new prologue.

-----Original Message-----
From: Trevor Perrin [mailto:trevp at trevp.net] 
Sent: Thursday, July 13, 2017 2:19 PM
To: Alexey Ermishkin <scratch.net at gmail.com>
Cc: noise <noise at moderncrypto.org>
Subject: Re: [noise] Transport protocol spec finalizing

On Thu, Jul 13, 2017 at 7:36 AM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
> Ok, makes sense. But we would still like to simplify handshake parsing and make a clear separation from transport messages.
> How about adding those fields (version, negotiation_data len) to the third packet? So that all handshake packets had the same structure.

We'd have to specify the rules for these fields.

For example, to match the behavior of client_version and server_version, maybe requiring later version fields match the previous version is best?

I don't have a strong opinion on this.  It's a little more complex, so we should try to write it up and make sure it's not too complicated.

It would also be good if we could think of examples uses for it.


More information about the Noise mailing list