Remove Noise protocol references from wiki docs and tests
Delete 8 Noise-specific documentation pages (noise-xx.md,
transport-keys.md, adr-001/003/006, framing-codec.md) and update
~30 remaining wiki pages to reflect QUIC+TLS as the sole transport.
Remove obsolete Noise-based integration tests (auth_service.rs,
mls_group.rs). Code-side Noise removal was done in f334ed3.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -2,16 +2,15 @@
|
||||
|
||||
quicnprotochat layers three protocol stages to move a plaintext message from
|
||||
sender to recipient with end-to-end encryption, typed RPC framing, and
|
||||
authenticated transport. This page describes each layer, explains why both the
|
||||
QUIC and Noise transport stacks exist, and provides a side-by-side comparison.
|
||||
authenticated transport. This page describes each layer and provides a
|
||||
comparison table.
|
||||
|
||||
---
|
||||
|
||||
## Primary Stack (M3+): QUIC + TLS 1.3
|
||||
## Transport: QUIC + TLS 1.3
|
||||
|
||||
Starting from milestone M3, the primary transport is QUIC over UDP with TLS 1.3
|
||||
negotiated by `quinn` and `rustls`. Cap'n Proto RPC rides on a bidirectional
|
||||
QUIC stream.
|
||||
The transport layer is QUIC over UDP with TLS 1.3 negotiated by `quinn` and
|
||||
`rustls`. Cap'n Proto RPC rides on a bidirectional QUIC stream.
|
||||
|
||||
```text
|
||||
┌─────────────────────────────────────────────┐
|
||||
@@ -56,90 +55,6 @@ QUIC stream.
|
||||
`BasicCredential`.
|
||||
- Ciphersuite: `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`.
|
||||
|
||||
---
|
||||
|
||||
## M1 Stack: Noise_XX over TCP
|
||||
|
||||
The original milestone-1 transport uses a Noise Protocol Framework handshake
|
||||
directly over TCP. This stack is retained for environments where QUIC (UDP) is
|
||||
blocked by middleboxes.
|
||||
|
||||
```text
|
||||
TCP connection
|
||||
└── Noise_XX handshake (snow)
|
||||
└── Authenticated encrypted channel (ChaCha20-Poly1305)
|
||||
└── [u32 frame_len LE][Cap'n Proto encoded message]
|
||||
└── Cap'n Proto RPC (capnp-rpc)
|
||||
```
|
||||
|
||||
### Layer details
|
||||
|
||||
**TCP**
|
||||
|
||||
- Reliable, ordered byte stream.
|
||||
- No built-in encryption or authentication.
|
||||
|
||||
**Noise_XX** (`snow`)
|
||||
|
||||
- Pattern: `Noise_XX_25519_ChaChaPoly_BLAKE2s`.
|
||||
- Three-message handshake that mutually authenticates both peers' static
|
||||
X25519 keys:
|
||||
|
||||
```text
|
||||
XX handshake (3 messages):
|
||||
-> e (initiator sends ephemeral public key)
|
||||
<- e, ee, s, es (responder: DH + static key)
|
||||
-> s, se (initiator: static key + final DH)
|
||||
```
|
||||
|
||||
- After the handshake, every frame is encrypted with ChaCha20-Poly1305 (AEAD)
|
||||
using session keys derived from the Noise key schedule.
|
||||
- Maximum Noise message size: 65,535 bytes.
|
||||
|
||||
**Length-Prefixed Codec** (`LengthPrefixedCodec` in `quicnprotochat-core`)
|
||||
|
||||
- Each frame is prefixed by a 4-byte little-endian `u32` length field.
|
||||
- Little-endian was chosen for consistency with Cap'n Proto's segment table
|
||||
encoding.
|
||||
- Wire format:
|
||||
|
||||
```text
|
||||
┌──────────────────────────┬──────────────────────────────────────┐
|
||||
│ length (4 bytes, LE u32)│ payload (length bytes) │
|
||||
└──────────────────────────┴──────────────────────────────────────┘
|
||||
```
|
||||
|
||||
- Maximum payload size is `NOISE_MAX_MSG` (65,535 bytes), enforced on both
|
||||
encode and decode.
|
||||
- See [Length-Prefixed Framing Codec](../wire-format/framing-codec.md) for the
|
||||
full specification.
|
||||
|
||||
**Cap'n Proto RPC**
|
||||
|
||||
- Same schema and RPC interface as the QUIC stack.
|
||||
- The `NoiseTransport::into_capnp_io()` method bridges the message-oriented
|
||||
Noise channel to the byte-stream interface that `capnp-rpc`'s
|
||||
`twoparty::VatNetwork` expects, using a `tokio::io::duplex` pipe and a
|
||||
background shuttle task.
|
||||
|
||||
---
|
||||
|
||||
## Why Both Stacks Exist
|
||||
|
||||
| Concern | QUIC + TLS 1.3 | Noise_XX over TCP |
|
||||
|------------------------|----------------------------------------|----------------------------------------|
|
||||
| **Milestone** | M3+ (primary) | M1 (original, retained) |
|
||||
| **UDP availability** | Requires UDP; may be blocked on some networks | TCP-only; works everywhere |
|
||||
| **Connection setup** | 1-RTT (or 0-RTT on resumption) | 1-RTT TCP + 1.5-RTT Noise handshake |
|
||||
| **Multiplexing** | Native QUIC stream multiplexing | Single TCP connection, single stream |
|
||||
| **Authentication** | Server cert (self-signed / CA-issued) | Mutual static-key authentication |
|
||||
| **PQ gap** | TLS 1.3 key exchange is classical ECDHE | Noise key exchange is classical X25519 |
|
||||
| **Crate** | `quinn`, `rustls` | `snow` |
|
||||
|
||||
Both stacks carry the same Cap'n Proto RPC and MLS layers on top, so
|
||||
application logic is transport-agnostic. The Noise_XX stack may also serve as a
|
||||
peer-to-peer transport in future mesh topologies where a QUIC server
|
||||
certificate model does not apply.
|
||||
|
||||
---
|
||||
|
||||
@@ -148,7 +63,6 @@ certificate model does not apply.
|
||||
| Layer | Provides | Crate(s) |
|
||||
|-------------|------------------------------------------------------------------|-----------------------------------------|
|
||||
| **Transport: QUIC + TLS 1.3** | Confidentiality, server authentication, forward secrecy, multiplexed streams, congestion control | `quinn`, `rustls` |
|
||||
| **Transport: Noise_XX** | Confidentiality, mutual authentication, forward secrecy (per-session) | `snow` |
|
||||
| **Framing: Cap'n Proto** | Zero-copy typed serialisation, schema versioning, async RPC with promise pipelining | `capnp`, `capnp-rpc` |
|
||||
| **Encryption: MLS** | Group key agreement, forward secrecy, post-compromise security, identity binding | `openmls`, `openmls_rust_crypto` |
|
||||
| **Encryption: Hybrid KEM** (optional) | Post-quantum confidentiality for individual payloads (X25519 + ML-KEM-768) | `ml-kem`, `x25519-dalek`, `chacha20poly1305`, `hkdf` |
|
||||
@@ -175,12 +89,12 @@ TLS-encoded MlsMessageOut (opaque ciphertext blob)
|
||||
Cap'n Proto: enqueue(recipientKey, payload)
|
||||
│ ── serialised into NodeService RPC call ──
|
||||
▼
|
||||
QUIC stream (TLS 1.3 encrypted) ─── or ─── Noise frame (ChaCha20-Poly1305)
|
||||
│ │
|
||||
▼ ▼
|
||||
QUIC stream (TLS 1.3 encrypted)
|
||||
│
|
||||
▼
|
||||
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌ network ╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌
|
||||
│ │
|
||||
▼ ▼
|
||||
│
|
||||
▼
|
||||
Server: NodeService.enqueue() stores payload in FIFO queue
|
||||
│
|
||||
▼
|
||||
@@ -200,8 +114,7 @@ The server **never** holds the MLS group key. It sees only the encrypted
|
||||
|
||||
## Further Reading
|
||||
|
||||
- [Architecture Overview](overview.md) -- high-level system diagram and dual-key model
|
||||
- [Noise_XX Handshake](../protocol-layers/noise-xx.md) -- deep dive into the three-message handshake
|
||||
- [Architecture Overview](overview.md) -- high-level system diagram and identity key model
|
||||
- [QUIC + TLS 1.3](../protocol-layers/quic-tls.md) -- QUIC configuration, ALPN, and certificate handling
|
||||
- [Cap'n Proto Serialisation and RPC](../protocol-layers/capn-proto.md) -- schema design and VatNetwork wiring
|
||||
- [MLS (RFC 9420)](../protocol-layers/mls.md) -- ciphersuite selection, key schedule, and ratchet tree
|
||||
|
||||
Reference in New Issue
Block a user