Blueprint: Noise Protocol

The goal of the design doc is to describe a secured channel architecture based on Noise Protocol as an alternative to TLS to reduce the number of RTT (round trip time) .


Decent proposal…


What I would like to see implemented is a key-signing-key system. An SNO long term KSK could be used to sign a working SNO key. The long term private key could then be kept off line and off system, creating an air-gap security mechanism for the network transport security. Working key roll-over could be performed without changing anything in the satellite databases. A newly signed working key would only need to be checked against the already stored long term public key.

One concern I have with the proposal is that a new tool set will need to be learned.