[noise] certificate chains
Trevor Perrin
trevp at trevp.net
Mon Jul 2 07:58:25 PDT 2018
On Mon, Jul 2, 2018 at 11:46 AM, Arvid Picciani <aep at exys.org> wrote:
> thanks trevor,
>
> i'm using IX now like so:
> again, u is ed25519 pub key, and u(s) is signature over s plus a
> protocol identifier as suggested by travor
>
> <- u
> ....
> -> e, s
> <- e, ee, se, s, es, u(s)
> -> u, u(s)
Thanks,
I interpret the additional fields in the 2nd message as being sent in
the handshake payload, and in the 3rd message as being sent in the
first transport payload?
Since client-authentication isn't completed until the 3rd message, I'm
wondering if you could use XX instead? This would provide better
client identity-hiding, since the client's identity would be encrypted
and only revealed to an authenticated server.
> are there any specs from this group for signature chains?
> i'm making up my own now, but i'd love to read something with the
> quality of the noise spec.
We've talked about that a few times, for example coming up with
something that used protobufs and fit easily into NLS, but haven't
come up with anything. Probably a few projects have invented their
own lightweight cert format, at this point.
Trevor
More information about the Noise
mailing list