[noise] noisecat: the noise swiss army knife
Gerardo Di Giacomo
gdg at fb.com
Fri Mar 2 09:42:37 PST 2018
> On Mar 2, 2018, at 1:58 AM, Trevor Perrin <trevp at trevp.net> wrote:
>
> Awesome, I'll summarize where I think we are:
>
> We discussed and wrote up NoiseSocket last year (mainly Alexey and I,
> on this list). The last several months have been more about tossing
> ideas around.
>
> Partly that's because the next steps are architecturally complicated.
> We have an idea what we want to add, but dividing things into layers
> and figuring out interfaces and where/how to interop is challenging.
>
> But I think we have ideas ready to test now: in particular,
> "sandwiching" the Noise core between a higher-level negotiation layer
> combined with a lower-level encoding layer, and then having
> interoperable profiles.
>
> So I'd like to start a few specs soon fleshing this out. If these
> ideas still look good, hopefully we can get feedback from trial
> implementations, and iterate fairly quickly to final designs. I'm
> hoping the hard part here was architectural, and the actual work of
> filling-in the details will be easy. But we'll see.
>
> Anyways, I'll try to kick off a couple spec drafts on some of these
> higher layers this weekend, hopefully this will make things clearer.
That's great! Looking forward to them! Is your ultimate goal for Noise to propose it as RFC?
> Is it? From the README it sounded like rstatic was only used to set
> the remote party's pre-message static public key, but it wouldn't be
> checked if the remote party transmitted a static public key during the
> handshake.
I'm sorry, you're right I misinterpreted your initial feedback and aggravated it by a bad answer on my side :) Yes, currently rstatic is to provide the public key of the other end for K patterns. A key verifier is missing and if you read at the bottom fo the README it's something I want to add. But I'm still not 100% sure how to do it; noisecat is a tool and not a library, so the verifier needs to be an external binary or some other mechanism that doesn't involve touching code.
Gerardo
More information about the Noise
mailing list