[noise] Regarding Static Key Authentication

Nadim Kobeissi nadim at symbolic.software
Tue May 1 05:31:17 PDT 2018


Dear David,
So, the conclusion is that any `s` appearing in either a pre-message or
message pattern is assumed to be authenticated out-of-band, as in
independently of the Noise handshake, by the recipient party?

Thank you,

Nadim Kobeissi
Symbolic Software • https://symbolic.software
Sent from office


On Tue, May 1, 2018 at 2:10 PM David Wong <davidwong.crypto at gmail.com>
wrote:

> > If a token 's' appears in a Noise handshake pattern pre-message flight, it
> > is reasonable for us to assume that this key represented by 's' was
> > pre-authenticated by the parties. That is, if the initiator sent 's' in a
> > pre-message, then the responder is assumed to have authenticated 's' already
> > out of band, using for example a QR code as is the current use-case, for
> > example, in the Signal secure messenger.
>
> I don't think this is a good comparison. Signal allows you to
> post-handshake authenticate the session whereas a pre-message `s`
> means that you have pinned `s` and thus you trust the session from the
> start.
>
> `s` in a message pattern implies that you have a way to ensure that
> you know that `s`. This can be done in different ways:
>
> * out of band post-handshake (like Signal)
> * by having the sender also send a signature from some authority that
> you trust (PKI)
> * by recognizing the cert from a trust store
> * ...?
>
> Hope that helps,
> David
>
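
An added example (not part of either message above, and not code from the Noise project): a small Python parser for handshake-pattern notation that reports, for each `s` token, whether the recipient pinned the key through a pre-message or receives it inside a handshake message and still has to validate it by one of the means David lists. The function and field names are hypothetical; the IK and XX patterns are written in the Noise specification's notation.

```python
# Added illustration. Function and field names are hypothetical.
# Pattern text follows the Noise specification's notation.
IK = """
<- s
...
-> e, es, s, ss
<- e, ee, se
"""
XX = """
-> e
<- e, ee, s, es
-> s, se
"""

def static_key_trust(pattern):
    """Return one record per `s` token: who owns the key, who must trust it,
    and whether it was pinned (pre-message) or arrives inside the handshake."""
    lines = [ln.strip() for ln in pattern.splitlines() if ln.strip()]
    in_pre = "..." in lines      # lines before "..." are pre-messages
    msg_no, records = 0, []
    for ln in lines:
        if ln == "...":
            in_pre = False
            continue
        arrow, _, rest = ln.partition(" ")
        if arrow not in ("->", "<-"):
            raise ValueError(f"unrecognised pattern line: {ln!r}")
        if not in_pre:
            msg_no += 1
        if "s" not in [t.strip() for t in rest.split(",")]:
            continue             # "ss", "es", "se" are DH tokens, not key transfers
        sender, recipient = (("initiator", "responder") if arrow == "->"
                             else ("responder", "initiator"))
        records.append({
            "owner": sender,
            "recipient": recipient,
            "pinned": in_pre,                       # known before the handshake starts
            "message": None if in_pre else msg_no,  # otherwise: sent in this message
        })
    return records

if __name__ == "__main__":
    for name, pat in (("IK", IK), ("XX", XX)):
        for r in static_key_trust(pat):
            where = ("pinned via pre-message" if r["pinned"] else
                     f"sent in message {r['message']}; {r['recipient']} must validate it "
                     "(out of band, authority signature, or trust store)")
            print(f"{name}: {r['owner']} s -> {where}")
```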