Remove Noise protocol references from wiki docs and tests
Delete 8 Noise-specific documentation pages (noise-xx.md,
transport-keys.md, adr-001/003/006, framing-codec.md) and update
~30 remaining wiki pages to reflect QUIC+TLS as the sole transport.
Remove obsolete Noise-based integration tests (auth_service.rs,
mls_group.rs). Code-side Noise removal was done in f334ed3.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -26,24 +26,15 @@ connection lifecycle, and the long-polling `fetchWait` mechanism.
|
||||
|
||||
---
|
||||
|
||||
## Dual-Key Model
|
||||
## Identity Key Model
|
||||
|
||||
quicnprotochat uses two independent asymmetric key pairs per client, each
|
||||
serving a distinct role:
|
||||
Each quicnprotochat client holds a single Ed25519 signing keypair that serves
|
||||
as its long-term identity:
|
||||
|
||||
```text
|
||||
quicnprotochat Key Model
|
||||
┌──────────────────────────────────────────────────┐
|
||||
│ │
|
||||
│ X25519 static keypair (Noise transport) │
|
||||
│ ───────────────────────────────────── │
|
||||
│ - Generated once per node identity │
|
||||
│ - Used in the Noise_XX handshake (M1 stack) │
|
||||
│ - Provides mutual authentication + │
|
||||
│ channel confidentiality at the TCP layer │
|
||||
│ - Classical only (no PQ protection) │
|
||||
│ - Managed by NoiseKeypair, zeroize-on-drop │
|
||||
│ │
|
||||
│ Ed25519 signing keypair (MLS identity) │
|
||||
│ ────────────────────────────────────── │
|
||||
│ - Generated once per user/device │
|
||||
@@ -55,17 +46,16 @@ serving a distinct role:
|
||||
└──────────────────────────────────────────────────┘
|
||||
```
|
||||
|
||||
| Property | X25519 (Noise) | Ed25519 (MLS) |
|
||||
|-------------------|-------------------------------------|--------------------------------------------|
|
||||
| Curve | Curve25519 (Montgomery) | Ed25519 (Twisted Edwards) |
|
||||
| Purpose | Transport authentication + secrecy | Identity binding, signing, MLS credentials |
|
||||
| Crate | `x25519-dalek` | `ed25519-dalek` |
|
||||
| Zeroize on drop | Yes (`StaticSecret`) | Yes (`Zeroizing<[u8; 32]>`) |
|
||||
| PQ protection | None (classical X25519) | MLS key schedule uses DHKEM(X25519); hybrid PQ KEM available at envelope level |
|
||||
| Property | Ed25519 (MLS) |
|
||||
|-------------------|--------------------------------------------|
|
||||
| Curve | Ed25519 (Twisted Edwards) |
|
||||
| Purpose | Identity binding, signing, MLS credentials |
|
||||
| Crate | `ed25519-dalek` |
|
||||
| Zeroize on drop | Yes (`Zeroizing<[u8; 32]>`) |
|
||||
| PQ protection | MLS key schedule uses DHKEM(X25519); hybrid PQ KEM available at envelope level |
|
||||
|
||||
For details on the cryptographic properties of each key type, see
|
||||
[Ed25519 Identity Keys](../cryptography/identity-keys.md) and
|
||||
[X25519 Transport Keys](../cryptography/transport-keys.md).
|
||||
For details on the cryptographic properties, see
|
||||
[Ed25519 Identity Keys](../cryptography/identity-keys.md).
|
||||
|
||||
---
|
||||
|
||||
@@ -80,14 +70,9 @@ For details on the cryptographic properties of each key type, see
|
||||
│ │ │ │
|
||||
│ GroupMember │ │ GroupMember │
|
||||
│ (MLS state) │ │ (MLS state) │
|
||||
│ │ │ │
|
||||
│ NoiseKeypair* │ │ NoiseKeypair* │
|
||||
│ (X25519, M1) │ │ (X25519, M1) │
|
||||
└────────┬─────────┘ └────────┬─────────┘
|
||||
│ │
|
||||
│ QUIC + TLS 1.3 (quinn/rustls) │
|
||||
│ ─── or ─── │
|
||||
│ Noise_XX over TCP (snow, M1 stack) │
|
||||
│ │
|
||||
▼ ▼
|
||||
┌────────────────────────────────────────────────────────────────────────────┐
|
||||
@@ -118,8 +103,7 @@ For details on the cryptographic properties of each key type, see
|
||||
2. KeyPackages are single-use (RFC 9420 requirement). The AS atomically removes
|
||||
a KeyPackage on fetch to enforce this invariant.
|
||||
|
||||
3. The QUIC + TLS 1.3 stack is the primary transport (M3+). The Noise_XX over
|
||||
TCP stack from M1 remains available for environments where QUIC is blocked.
|
||||
3. QUIC + TLS 1.3 is the sole transport layer.
|
||||
|
||||
---
|
||||
|
||||
@@ -127,9 +111,8 @@ For details on the cryptographic properties of each key type, see
|
||||
|
||||
The system stacks three protocol layers:
|
||||
|
||||
1. **Transport** -- QUIC + TLS 1.3 (primary) or Noise_XX over TCP (M1
|
||||
fallback). Provides confidentiality, integrity, and server authentication.
|
||||
See [Protocol Stack](protocol-stack.md).
|
||||
1. **Transport** -- QUIC + TLS 1.3. Provides confidentiality, integrity, and
|
||||
server authentication. See [Protocol Stack](protocol-stack.md).
|
||||
|
||||
2. **Framing / RPC** -- Cap'n Proto serialisation and RPC. Provides zero-copy
|
||||
typed messages, schema versioning, and async method dispatch.
|
||||
@@ -152,7 +135,7 @@ The implementation is split across four workspace crates:
|
||||
|
||||
| Crate | Role |
|
||||
|----------------------------|-------------------------------------------------------------------|
|
||||
| `quicnprotochat-core` | Crypto primitives, Noise transport, MLS state machine, hybrid KEM |
|
||||
| `quicnprotochat-core` | Crypto primitives, MLS state machine, hybrid KEM |
|
||||
| `quicnprotochat-proto` | Cap'n Proto schemas, codegen, and serialisation helpers |
|
||||
| `quicnprotochat-server` | QUIC listener, NodeService RPC, storage |
|
||||
| `quicnprotochat-client` | QUIC client, CLI subcommands, state persistence |
|
||||
@@ -164,7 +147,7 @@ and dependency diagram.
|
||||
|
||||
## Further Reading
|
||||
|
||||
- [Protocol Stack](protocol-stack.md) -- layered comparison of the two transport stacks
|
||||
- [Protocol Stack](protocol-stack.md) -- layered protocol stack description
|
||||
- [Service Architecture](service-architecture.md) -- NodeService RPC methods, connection lifecycle, long-polling
|
||||
- [End-to-End Data Flow](data-flow.md) -- registration, group creation, and message exchange sequence diagrams
|
||||
- [Wire Format Overview](../wire-format/overview.md) -- Cap'n Proto schema reference
|
||||
|
||||
Reference in New Issue
Block a user