[noise] Questions about Signatures for Noise spec

[Lucas Manuel Rodriguez]

Hello folks,

I'm working on a system that relies heavily in public key signatures and I
came across the "Signatures for Noise" spec [1].

Knowing it's unofficial/unstable I hope it's ok to ask a couple of
questions here.

1) There's the following paragraph In the "Signature modifiers" section:

"The "sig" modifier can only be used with patterns where "se" is not sent by
the responder and "es" is not sent by the initiator, and "ss" does not
appear.
Attempting to apply it other patterns is invalid."

It would be nice if you could elaborate those statements.

2) Are you seeing a path towards "hybrid" patterns? Hybrid as in: DH +
Signatures, e.g.:

<- s
...
-> e, es, s1, sig

(The above pattern would allow 0-RTT encryption and authentication of
initiator via signatures)

Or are there any problems/vulnerabilities that would prevent this from
happening?

I'm new to the Noise Framework, so please bear with me :)

[1]: https://github.com/noiseprotocol/noise_sig_spec

Best,
Lucas Manuel Rodríguez.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20190408/e65ff1eb/attachment.html>