[noise] NoiseSocket and payload padding in handshake messages
Trevor Perrin
trevp at trevp.net
Tue Apr 17 09:01:44 PDT 2018
On Tue, Apr 17, 2018 at 2:26 PM, Nemanja Mijailovic
<metalnem at mijailovic.net> wrote:
> Hi all,
>
> The NoiseSocket specification currently defines optional message body
> padding for both handshake and transport messages. Noise Socket Go (the only
> available implementation at the moment) does not offer option to pad payload
> in handshake messages, and also does not prefix the empty payload with its
> length (which is required for every encrypted payload). I remember Alexey
> talking about removing the padding from the handshake, but that’s not yet
> reflected in the spec. My question is: should I follow the current spec and
> allow padding in handshake messages, or will the padding be removed in some
> upcoming revision of the spec?
The current NoiseSocket spec says that a padding-length field is
always present for both handshake and transport ciphertexts. Though
the text could be clearer.
I thought Alexey supported that [1] and had it implemented earlier.
It also seems like the most consistent approach. It's probably true
that there's not enough deployment that we're locked-in yet, if we
wanted to discuss more.
Trevor
[1]
https://moderncrypto.org/mail-archive/noise/2017/000926.html
https://moderncrypto.org/mail-archive/noise/2017/000927.html
More information about the Noise
mailing list