[noise] NLS?

Gerardo Di Giacomo gedigi at live.com
Wed Mar 7 20:50:32 PST 2018 

> From: Noise <noise-bounces at moderncrypto.org> on behalf of Trevor Perrin <trevp at trevp.net>
> Sent: Sunday, March 4, 2018 10:48:57 PM
> To: noise
> Subject: [noise] NLS?
>  
> Hi all,
> 
> I've created a draft spec for an "NLS" framework that adds a
> negotiation language ("NoiseLingo") on top of NoiseSocket (hence
> "NoiseLingoSocket").  This is based on ideas from [1].
> 
> This needs a tweaked NoiseSocket draft, with modifications from [2]
> (renaming a couple things, and changing the prologue calculation to
> differentiate the "retry" case, and to add an application prologue):
> 
> https://github.com/noiseprotocol/nls_spec/blob/master/output/nls.pdf
> https://github.com/noiseprotocol/noisesocket_spec/blob/master/output/noisesocket.pdf
> 
> 
> The NLS draft also defines some "basic profiles", which are intended
> as high-level protocols usable by application developers:
>   - NoiseLink  (1-RTT handshake)
>   - NoiseZeroLink  (0-RTT handshake)
>   - NoiseShortLink  (for low-end embedded)
>   - NoiseAnonBox  (public-key encryption)
>   - NoseAuthBox  (public-key encryption + sender auth)
> 
> The idea is that NoiseLingo and NLS give you a menu of negotiation
> fields that are easy to choose from to create profiles.  Also, these
> profiles will have a lot of similarity and thus potential for interop
> (e.g. a NoiseZeroLink client can talk to a NoiseLink server, by
> falling back to 1-RTT).  And if you start with something simple like
> NoiseLink, it's easy to add new NLS fields and negotiation options as
> you discover new needs.
> 
> Anyways, let me know what you think!
> 
> 
> Trevor
Thanks again for sharing this Trevor. I’ve started some experiment in integrating NLS (NoiseLink/NoiseZeroLink) to the existing implementation of NoiseSocket. I’ll share updates as I make progress.

As I was initially reading the spec, I though whether, for sake of simplicity, would it make sense to merge NoiseLink and NoiseZeroLink in a single profile (ZeroLink)? They both share the same negotiation fields, so it might be easier from an implementation/interop standpoint to have a single profile that offers both 0 and 1 RTT.

Gerardo

More information about the Noise mailing list