[noise] NoiseSocket revision 1

Trevor Perrin trevp at trevp.net
Wed Aug 2 17:10:08 PDT 2017


On Wed, Aug 2, 2017 at 7:38 PM, Alexey Ermishkin <scratch.net at gmail.com> wrote:
> Couple of thoughts after DEF CON and publishing an article in Russian on habr.ru:
>
> 1) Those who understand what this is are very excited and welcomed Noise very warmly

Great!


> 2) People want IoT and, surprisingly, JS demos. IoT is on us, JS.....
> 3) I had one question regarding increasing maximum transport packet size to megabytes instead of 64k.  For datacenter/highload guys. Interesting!

The main reason for limiting packet size is that recipients might have
limited buffers, so with huge AEAD packets these recipients would be
tempted to decrypt and stream the plaintext before authenticating it
(i.e. do AES separately from GCM), which would be a security problem.

The overhead is 0.03% (20 bytes / 65535), so this shouldn't affect
performance much.

On the other hand, I was just talking with someone who might have an
unusual use case for larger packets.

We could consider making this a recommendation instead of a hard
limit.  But I'd like to hear more reasons why people want larger
packets.  If we could convince people to stick with 64K that's
simpler, and easier for small-buffer implementations.


> 4) We know guys who are going to implement all needed Noise primitives (25519, chacha, blake) in SILICON. Which is a huge step towards making NoiseSocket a standard IoT protocol
> 5) NGINX module running NoiseSocket is also a huge win. It's just a PoC for now, but we see a big future for it. Also was a huge pain in the ass to implement

Yeah that looks cool, good to see Noise-C in use.  It would also be
interesting to see if the Rust library could be used here.

https://github.com/VirgilSecurity/virgil-nginx-noise-socket

Trevor
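
Added example, not part of the original message or of any Noise implementation: a Go sketch of the point about packet size, in which a large payload is split into packets of at most 65535 bytes and the receiver releases each packet's plaintext only after its tag verifies. It assumes AES-256-GCM from the Go standard library as a stand-in AEAD, a constructed all-zero demo key, and hypothetical names (MaxPacket, NewAEAD, Seal, Receive).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const MaxPacket = 65535 // packet size limit discussed in the message

// NewAEAD returns AES-256-GCM under an all-zero key, constructed for this demo only.
func NewAEAD() cipher.AEAD {
	block, _ := aes.NewCipher(make([]byte, 32))
	aead, _ := cipher.NewGCM(block)
	return aead
}

// nonce is the big-endian packet counter, so a reordered packet fails authentication.
func nonce(n int) []byte { return binary.BigEndian.AppendUint64(make([]byte, 4), uint64(n)) }

// Seal splits msg into packets of at most MaxPacket bytes, each with its own tag.
func Seal(aead cipher.AEAD, msg []byte) (pkts [][]byte) {
	room := MaxPacket - aead.Overhead()
	for n := 0; n*room < len(msg); n++ {
		end := (n + 1) * room
		if end > len(msg) {
			end = len(msg)
		}
		pkts = append(pkts, aead.Seal(nil, nonce(n), msg[n*room:end], nil))
	}
	return pkts
}

// Receive releases each packet's plaintext only after its tag verifies (one packet buffered).
func Receive(aead cipher.AEAD, pkts [][]byte, deliver func([]byte)) error {
	for n, p := range pkts {
		pt, err := aead.Open(nil, nonce(n), p, nil)
		if err != nil {
			return fmt.Errorf("packet %d rejected: %w", n, err)
		}
		deliver(pt)
	}
	return nil
}

func main() {
	pkts := Seal(NewAEAD(), make([]byte, 200000)) // constructed payload
	pkts[2][0] ^= 1                                // corrupt the third packet
	fmt.Println(Receive(NewAEAD(), pkts, func(pt []byte) { fmt.Println("released", len(pt)) }))
}
```

With the third packet corrupted, the first two packets are released and the stream stops at the failed tag, so the receiver never holds more than one packet and never hands on bytes it has not authenticated.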

