[noise] verifying received static remote key

David Wong davidwong.crypto at gmail.com
Thu Nov 2 04:06:29 PDT 2017

> I don't think the spec pseudocode needs to handle invalid patterns.

Oh right, so no such patterns can exist. OK I got it now :)

> I'm not super-eager to make the pseudocode more complicated,
> particularly when this is just adding more emphasis ("authentication
> is important!") for something the spec already explains.
> Also, there are ways of doing authentication that don't fit into a
> blocking verifyRemoteStaticKey() function.  For example, maybe the
> authentication check requires a network lookup ("is this key good, or
> revoked?") so will happen in parallel with the rest of the handshake.

In this case what about the following:

1. have a `remoteKeyValid` boolean in the handshake state
2. have split() make sure this boolean is set to true before returning correctly
3. have initialization() set the boolean to true when the rs is set
4. in any other cases, the implementers will have to find a way to set
this to true

> Alternatively, if we want to emphasize this further we could list this
> in the "Application responsibilities" as well, or find some other
> place to insert a sentence.

My point is that it's important to have a safeguard as part of the
algorithm. I hope the boolean is small enough of a change to be
considered relevant.


More information about the Noise mailing list