[noise] Regarding Static Key Authentication
Nadim Kobeissi
nadim at symbolic.software
Tue May 1 05:00:15 PDT 2018
Dear Noise list,
I am interested in understanding the authentication properties inherent to
Noise keys, represented by Noise tokens.
If a token 's' appears in a Noise handshake pattern pre-message flight, it
is reasonable for us to assume that this key represented by 's' was
pre-authenticated by the parties. That is, if the initiator sent 's' in a
pre-message, then the responder is assumed to have authenticated 's'
already out of band, using for example a QR code as is the current
use-case, for example, in the Signal secure messenger.
However, if, in an unrelated Noise handshake pattern, 's' suddenly appears
in a message pattern (and not in a pre-message pattern as in the above
example), do we assume that this 's' was also pre-authenticated in a
similar scenario (QR code, etc.)?
Perhaps this is an argument to keep the parentheses notation currently
present in Noise rev33: if 's' appears in the parentheses for one of the
parties ('rs' in parentheses for the responder), then an 's' appearing in a
message flight is assumed to be authenticated. Otherwise, a party is
sending an unauthenticated static public key.
In either case, I would appreciate it if this was clarified in the
specification, which does seem to be currently ambiguous regarding this
question.
Thank you for your time,
Nadim Kobeissi
Symbolic Software • https://symbolic.software
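
The distinction drawn in this message, as an added example that is not part of the original post or of the Noise specification: the code parses the XX, IK and KK patterns as listed in the Noise specification and reports whether each party's 's' token appears in a pre-message or in a handshake message. It only locates the token and does not decide the authentication question raised above; the function and label names are hypothetical.

```python
# Added illustration. PATTERNS are transcribed from the Noise specification's
# pattern listings; static_key_origins and its labels are this example's own.
PATTERNS = {
    "XX": """
        -> e
        <- e, ee, s, es
        -> s, se
    """,
    "IK": """
        <- s
        ...
        -> e, es, s, ss
        <- e, ee, se
    """,
    "KK": """
        -> s
        <- s
        ...
        -> e, es, ss
        <- e, ee, se
    """,
}


def static_key_origins(pattern: str) -> dict:
    """Map each party to where its static public key 's' appears:
    'pre-message', 'message N' (1-based), or None if it is never sent."""
    lines = [ln.strip() for ln in pattern.strip().splitlines() if ln.strip()]
    # Lines before '...' are pre-messages; with no '...', every line is a message.
    if "..." in lines:
        cut = lines.index("...")
        pre, msgs = lines[:cut], lines[cut + 1:]
    else:
        pre, msgs = [], lines
    origins = {"initiator": None, "responder": None}

    def scan(flights, label):
        for n, line in enumerate(flights, 1):
            arrow, _, tokens = line.partition(" ")
            sender = "initiator" if arrow == "->" else "responder"
            # Match the exact token 's', not 'es', 'se' or 'ss'.
            if "s" in [t.strip() for t in tokens.split(",")]:
                origins[sender] = label(n)

    scan(pre, lambda n: "pre-message")
    scan(msgs, lambda n: f"message {n}")
    return origins
```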