Why Station To Station protocol and not TLS?


#1

I was wondering why have you implemented proprietary secured connection protocol intead of simply using TLS or mTLS?

Author: c0rwin on Riot


#2

TLS was deemed way too complicated. Also existing implementation had there own problems. (Not sure about mTLS?)

The right thing to do today still might be to use some noise variant instead of TLS (still much simpler).

I think proprietary is not the right word here. Everything is open source and uses open source software, too.

Author: @ismail


#3

The right thing to do today still might be to use some noise variant instead of TLS

What do you mean by noise variant? And still not sure why custom protocol is better than a standard one?

Is there a proof of security properties of secure connection protocol? Proof of forward secrecy?


#4

@C0rWin there are definitely known vulnerabilities in the current Secure Connection protocol, namely it was vulnerable to this attack:

There’s an open issue to migrate to one of the Noise key exchange patterns here:

Namely we are investigating one the newly described signature-based patterns:

Specifically, the XXsig pattern appears to fit the key exchange performed by the current handshake.

Aside from using a Noise AKE pattern, the existing protocol is close to Noise’s CipherState when instantiated with ChaCha20Poly1305 AEAD (IETF version)