[noise] Questions about Signatures for Noise spec
Lucas Manuel Rodriguez
lucarodriguez at gmail.com
Mon Apr 8 12:45:43 PDT 2019
Thanks for the quick response! Answered inline.
On Mon, 8 Apr 2019 at 09:10, Justin Cormack <justin at specialbusservice.com>
wrote:
> (replies inline)
>
> On Mon, 8 Apr 2019 at 12:36, Lucas Manuel Rodriguez
> <lucarodriguez at gmail.com> wrote:
> >
> > Hello folks,
> >
> > I'm working on a system that relies heavily in public key signatures and
> I came across the "Signatures for Noise" spec [1].
> >
> > Knowing it's unofficial/unstable I hope it's ok to ask a couple of
> questions here.
> >
> > 1) There's the following paragraph In the "Signature modifiers" section:
> >
> > "The "sig" modifier can only be used with patterns where "se" is not
> sent by
> > the responder and "es" is not sent by the initiator, and "ss" does not
> appear.
> > Attempting to apply it other patterns is invalid."
> >
> > It would be nice if you could elaborate those statements.
>
> For "ss" there is no equivalent with signatures; the other two just
> point out that you
> can only sign an outbound message, signatures don't have the symmetry that
> DH
> does.
>
Makes sense now. Thanks.
>
> > 2) Are you seeing a path towards "hybrid" patterns? Hybrid as in: DH +
> Signatures, e.g.:
> >
> > <- s
> > ...
> > -> e, es, s1, sig
> >
> > (The above pattern would allow 0-RTT encryption and authentication of
> initiator via signatures)
>
> We have discussed hybrid patterns, there are some notes from the
> January meetup, and I am
> planning to do some more work on this. I think they can be useful in
> some situations.
>
OK. Looking forward to the next iteration of the spec!
>
> > Or are there any problems/vulnerabilities that would prevent this from
> happening?
>
> You can still replay these, so it is not a solution to all issues,
> although if you have another
> way to prevent replay it can be useful.
>
Sorry, I was not clear here. I meant to ask if there were any
problems/vulnerabilities with respect to "hybrid" patterns in general.
You answered my question already. I'll wait for the next iteration of the
spec.
>
> > I'm new to the Noise Framework, so please bear with me :)
> >
> > [1]: https://github.com/noiseprotocol/noise_sig_spec
> >
> > Best,
> > Lucas Manuel RodrÃguez.
> > _______________________________________________
> > Noise mailing list
> > Noise at moderncrypto.org
> > https://moderncrypto.org/mailman/listinfo/noise
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20190408/e1521ad6/attachment.html>
More information about the Noise
mailing list