[noise] Regarding Static Key Authentication

David Wong davidwong.crypto at gmail.com
Tue May 1 05:49:40 PDT 2018


pre-message: yes!
message: as I said, there are several ways to do it. Out of band is
just the first way in my list. You can do it the PKI style (like in
TLS).

On Tue, May 1, 2018 at 1:31 PM, Nadim Kobeissi <nadim at symbolic.software> wrote:
> Dear David,
> So, the conclusion is that any `s` appearing in either a pre-message or
> message pattern, is assumed to be authenticated out-of-band, as in
> independently of the Noise handshake, by the recipient party?
>
> Thank you,
>
> Nadim Kobeissi
> Symbolic Software • https://symbolic.software
> Sent from office
>
>
> On Tue, May 1, 2018 at 2:10 PM David Wong <davidwong.crypto at gmail.com>
> wrote:
>>
>> > If a token 's' appears in a Noise handshake pattern pre-message flight,
>> > it
>> > is reasonable for us to assume that this key represented by 's' was
>> > pre-authenticated by the parties. That is, if the initiator sent 's' in
>> > a
>> > pre-message, then the responder is assumed to have authenticated 's'
>> > already
>> > out of band, using for example a QR code as is the current use-case, for
>> > example, in the Signal secure messenger.
>>
>> I don't think this is a good comparison. Signal allows you to
>> post-handshake authenticate the session whereas a pre-message `s`
>> means that you have pinned `s` and thus you trust the session from the
>> start.
>>
>> `s` in a message pattern implies that you have a way to ensure that
>> you know that `s`. This can be done in different ways:
>>
>> * out of band post-handshake (like Signal)
>> * by having the sender also send a signature from some authority that
>> you trust (PKI)
>> * by recognizing the cert from a trust store
>> * ...?
>>
>> Hope that helps,
>> David
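
The mechanisms listed in this thread, sketched as a recipient-side check (an added example, not part of the original messages or of any Noise library). `Policy`, `Classify` and `Fingerprint` are hypothetical names, and having the authority sign the raw static key with Ed25519 is a simplifying assumption standing in for a real certificate format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Trust records which mechanism vouched for a received Noise static key `s`.
type Trust int

const (
	Unverified      Trust = iota // must still be checked out of band after the handshake
	Pinned                       // `s` was known beforehand (pre-message or trust store)
	AuthoritySigned              // `s` came with a valid signature from a trusted authority
)

// Policy (hypothetical) holds what the recipient trusts before the handshake.
type Policy struct {
	Pins      [][]byte          // static keys pinned or held in a trust store
	Authority ed25519.PublicKey // trusted authority's signing key; nil if none
}

// Classify reports how s is authenticated; sig is the optional authority
// signature over s carried in the handshake payload (assumed encoding).
func (p Policy) Classify(s, sig []byte) Trust {
	for _, pin := range p.Pins {
		if bytes.Equal(pin, s) {
			return Pinned
		}
	}
	if len(p.Authority) == ed25519.PublicKeySize && ed25519.Verify(p.Authority, s, sig) {
		return AuthoritySigned
	}
	return Unverified
}

// Fingerprint is the short value two users compare out of band (QR code, voice).
func Fingerprint(s []byte) string {
	sum := sha256.Sum256(s)
	return hex.EncodeToString(sum[:8])
}

func main() {
	// Constructed sample values: a throwaway authority and a fake 32-byte key.
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	s := bytes.Repeat([]byte{0x42}, 32)
	fmt.Println(Policy{Authority: caPub}.Classify(s, ed25519.Sign(caPriv, s)), Fingerprint(s))
}
```

A session whose key comes back `Unverified` is the post-handshake case: it is only as trustworthy as the later fingerprint comparison.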

