RavenFabric

Why Noise XX over TLS

May 5, 2026 · 5 min read

Every security tool reaches the same crossroads early in development: how do we encrypt connections? The default answer in 2026 is still TLS. We chose something different.

RavenFabric uses the Noise XX handshake pattern with X25519, ChaCha20-Poly1305, and BLAKE2s. The same cryptographic foundation as WireGuard. Here's why.

The Problem with TLS

TLS is excellent for the web. It was designed for a world where browsers connect to millions of servers, and trust is delegated to certificate authorities. But RavenFabric operates in a different world:

  • No browsers. Both sides are our software — we control both endpoints.
  • No CAs. We don't want to trust Symantec, Let's Encrypt, or anyone's CA hierarchy. Identity should be cryptographic, not bureaucratic.
  • Mutual authentication required. Both sides must prove their identity, not just the server. TLS client certificates exist but are awkward and rarely used.
  • Relay opacity. Our relay must never learn who is connecting — TLS leaks the server certificate in the handshake (SNI, server certificate).

What Noise XX Gives Us

The Noise Framework is a specification for building cryptographic handshake protocols. The "XX" pattern provides:

Noise_XX_25519_ChaChaPoly_BLAKE2s

Initiator                          Responder
    │── e ─────────────────────►   │  ephemeral key
    │   ◄──────────── e, ee, s, es │  ephemeral + static
    │── s, se ─────────────────►   │  static key (encrypted!)
    │         [secure channel]     │

Mutual authentication — Both sides exchange static public keys. Both prove they hold the corresponding private key. No certificates. No CAs. No OCSP. No CRL. Just keys.

Identity hiding — Static keys are encrypted during the handshake. A passive observer (including our relay) sees only ephemeral keys and random bytes. In TLS, the server certificate is visible to any eavesdropper.

Forward secrecy — Ephemeral keys are generated per session and discarded. Compromising a long-term key doesn't decrypt past sessions.

Simplicity — The entire Noise XX specification fits on a page. TLS 1.3 is 150+ pages. Fewer moving parts means fewer bugs, fewer CVEs, fewer attack surfaces.

Relay Opacity

This is the killer feature for our architecture. RavenFabric's relay is a stateless encrypted broker. It pairs agents with clients and forwards bytes. It must never know:

  • Who is connecting (identity)
  • What they're saying (content)
  • What commands are being executed (operations)

With TLS, the relay would see the server's certificate (identifying the agent) and SNI (identifying the intended destination). With Noise XX, the relay sees only random-looking bytes from the first message onwards.

The Code

Our implementation uses the snow crate — a well-audited Rust implementation of the Noise Framework. The entire handshake is ~50 lines of code:

let mut initiator = snow::Builder::new(
    "Noise_XX_25519_ChaChaPoly_BLAKE2s".parse()?,
)
.local_private_key(&keypair.private)
.build_initiator()?;

// Message 1: → e
let len = initiator.write_message(&[], &mut buf)?;
transport.send(&buf[..len]).await?;

// Message 2: ← e, ee, s, es
let msg = transport.recv().await?;
initiator.read_message(&msg, &mut buf)?;

// Message 3: → s, se
let len = initiator.write_message(&[], &mut buf)?;
transport.send(&buf[..len]).await?;

// Done — transition to transport mode
let channel = initiator.into_transport_mode()?;

Compare this to setting up TLS with mutual client certificates, and the difference in complexity is stark.

Trade-offs

Noise XX isn't universally better than TLS. The trade-offs are deliberate:

  • No browser compatibility. You can't open a Noise connection from a web browser. We don't need to — our CLI and agent are compiled Rust.
  • No CA delegation. Every key must be explicitly trusted. For RavenFabric, this is a feature: enrollment uses one-time tokens, and trust is established through cryptographic key exchange, not third-party signatures.
  • Smaller ecosystem. TLS has decades of tooling, debugging infrastructure, and institutional knowledge. Noise is younger, though WireGuard has proven it at scale.

Conclusion

For a system where both endpoints are controlled, mutual authentication is mandatory, and the relay must be cryptographically blind — Noise XX is the right choice. It's simpler, more secure for our use case, and gives us properties that TLS fundamentally cannot provide.

The same crypto that protects billions of WireGuard tunnels today protects every RavenFabric connection.

← Back to blog