[noise] NoiseSocket and payload padding in handshake messages

[Alexey Ermishkin]

Hello everyone,
This is when padding was dropped from the handshake
https://moderncrypto.org/mail-archive/noise/2017/000931.html

And I don't remember anyone asking to return it back, so all our implementations don't include that.



-----Original Message-----
From: Noise <noise-bounces at moderncrypto.org> On Behalf Of Trevor Perrin
Sent: Tuesday, April 17, 2018 9:02 PM
To: Nemanja Mijailovic <metalnem at mijailovic.net>
Cc: noise <noise at moderncrypto.org>
Subject: Re: [noise] NoiseSocket and payload padding in handshake messages

On Tue, Apr 17, 2018 at 2:26 PM, Nemanja Mijailovic <metalnem at mijailovic.net> wrote:
> Hi all,
>
> The NoiseSocket specification currently defines optional message body 
> padding for both handshake and transport messages. Noise Socket Go 
> (the only available implementation at the moment) does not offer 
> option to pad payload in handshake messages, and also does not prefix 
> the empty payload with its length  (which is required for every 
> encrypted payload). I remember Alexey talking about removing the 
> padding from the handshake, but that’s not yet reflected in the spec. 
> My question is: should I follow the current spec and allow padding in 
> handshake messages, or will the padding be removed in some upcoming revision of the spec?

The current NoiseSocket spec says that a padding-length field is always present for both handshake and transport ciphertexts.  Though the text could be clearer.

I thought Alexey supported that [1] and had it implemented earlier.
It also seems like the most consistent approach.  It's probably true that there's not enough deployment that we're locked-in yet, if we wanted to discuss more.

Trevor

[1]
https://moderncrypto.org/mail-archive/noise/2017/000926.html
https://moderncrypto.org/mail-archive/noise/2017/000927.html
_______________________________________________
Noise mailing list
Noise at moderncrypto.org
https://moderncrypto.org/mailman/listinfo/noise