[noise] Revision 33 draft

David Wong davidwong.crypto at gmail.com
Sat Sep 23 02:13:19 PDT 2017

Hey Trevor,

Some feedback:


I find it weird to specify the function `SetNonce` in the
`CipherState` section. I see that section as a "mandatory" set of
functions to implement, which doesn't make sense if I do not want to
create a Noise protocol over UDP. Can't this function be defined in
the relevant section?

(I have the same critic for `MixKeyAndHash` btw.)


For naming, I'd much prefer something along these lines:

"you concatenate the ASCII names for the handshake pattern, the
asymmetric functions, the symmetric functions"

with the "symmetric functions" being something like "AESGCM_SHA256" or


The "Out-of-order transport messages" section is small, and maybe
dangerous as it is not that trivial to implement a secure protocol
over UDP. You have to mind other details like "Am I sure this message
is coming from the right origin?" via things like cookies. Obviously I
don't know much about that, probably Jason has more to add to it, but
a warning might be relevant in this section.

The rest looks good to me!


More information about the Noise mailing list