[noise] Regarding Static Key Authentication

David Wong davidwong.crypto at gmail.com
Tue May 1 05:10:29 PDT 2018


> If a token 's' appears in a Noise handshake pattern pre-message flight, it
> is reasonable for us to assume that this key represented by 's' was
> pre-authenticated by the parties. That is, if the initiator sent 's' in a
> pre-message, then the responder is assumed to have authenticated 's' already
> out of band, using for example a QR code as is the current use-case, for
> example, in the Signal secure messenger.

I don't think this is a good comparison. Signal allows you to
post-handshake authenticate the session whereas a pre-message `s`
means that you have pinned `s` and thus you trust the session from the
start.

`s` in a message pattern implies that you have a way to ensure that
you know that `s`. This can be done in different ways:

* out of band post-handshake (like Signal)
* by having the sender also send a signature from some authority that
you trust (PKI)
* by recognizing the cert from a trust store
* ...?

Hope that helps,
David
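
The distinction drawn in this message, as an added example (not part of the original post and not code from the Noise project): the Python below parses handshake patterns written in the Noise specification's notation and reports, for each party, whether its `s` sits in a pre-message or in a message pattern. The function names and the wording of the obligation strings are assumptions made for this illustration.

```python
# Added example. Pattern texts use the Noise spec notation; "..." separates
# pre-messages from handshake messages.
PATTERNS = {
    "NK": "<- s\n...\n-> e, es\n<- e, ee",
    "XX": "-> e\n<- e, ee, s, es\n-> s, se",
    "IK": "<- s\n...\n-> e, es, s, ss\n<- e, ee, se",
}

# Hypothetical wording, summarising the cases discussed in the message above.
OBLIGATION = {
    "pre-message": "peer has pinned this key; session is trusted from the start",
    "message": "peer learns this key in the handshake and needs a way to "
               "authenticate it (out of band, signature from a trusted "
               "authority, or trust store)",
    "none": "party sends no static key",
}

def classify_static_keys(pattern_text):
    """Return where each party's `s` appears: 'pre-message', 'message' or 'none'."""
    lines = [ln.strip() for ln in pattern_text.splitlines() if ln.strip()]
    if "..." in lines:
        split = lines.index("...")
        pre, msgs = lines[:split], lines[split + 1:]
    else:
        pre, msgs = [], lines  # no pre-message flight in this pattern
    result = {"initiator": "none", "responder": "none"}
    for phase, flight in (("pre-message", pre), ("message", msgs)):
        for ln in flight:
            arrow, _, tokens = ln.partition(" ")
            if arrow not in ("->", "<-"):
                raise ValueError("bad pattern line: %r" % ln)
            sender = "initiator" if arrow == "->" else "responder"
            # Compare whole tokens so that 'es', 'se', 'ss' do not match 's'.
            if "s" in [t.strip() for t in tokens.split(",")]:
                result[sender] = phase
    return result

def report(name):
    """Map each party in the named pattern to the obligation on its peer."""
    where = classify_static_keys(PATTERNS[name])
    return {party: OBLIGATION[phase] for party, phase in where.items()}

if __name__ == "__main__":
    for name in PATTERNS:
        print(name, classify_static_keys(PATTERNS[name]))
```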

