[noise] noisecat: the noise swiss army knife

Trevor Perrin trevp at trevp.net
Fri Mar 2 01:58:17 PST 2018


On Thu, Mar 1, 2018 at 6:47 PM, Gerardo Di Giacomo <gdg at fb.com> wrote:
>
> I'm aligned with your thoughts and I agree that formalizing a stack that covers all the three points is the ideal goal for Noise to make it more broadly accessible. I would love to help you with defining the missing elements to allow full interop, although I'm not a protocol designer or a crypto analyst, and I'm unsure how progress is currently being made.

Awesome, I'll summarize where I think we are:

We discussed and wrote up NoiseSocket last year (mainly Alexey and I,
on this list).  The last several months have been more about tossing
ideas around.

Partly that's because the next steps are architecturally complicated.
We have an idea what we want to add, but dividing things into layers
and figuring out interfaces and where/how to interop is challenging.

But I think we have ideas ready to test now:  in particular,
"sandwiching" the Noise core between a higher-level negotiation layer
combined with a lower-level encoding layer, and then having
interoperable profiles.

So I'd like to start a few specs soon fleshing this out.  If these
ideas still look good, hopefully we can get feedback from trial
implementations, and iterate fairly quickly to final designs.  I'm
hoping the hard part here was architectural, and the actual work of
filling-in the details will be easy.  But we'll see.

Anyways, I'll try to kick off a couple spec drafts on some of these
higher layers this weekend, hopefully this will make things clearer.


>> I see you've already added -lstatic and more patterns, great!  I
>> wonder if "rstatic" could also be applied to check a transmitted
>> public key?  Or maybe that could be a separate argument.
>
>
> I'm not sure what you mean. The rstatic switch is used to verify the public key of the remote end, even when it's transmitted.

Is it?  From the README it sounded like rstatic was only used to set
the remote party's pre-message static public key, but it wouldn't be
checked if the remote party transmitted a static public key during the
handshake.

Trevor


More information about the Noise mailing list