> So I did the hipster thing and implemented Noise.

> [...]

> Out of laziness, we kept the Noise stuff, which means the interface to tkdb is now HTTP/Noise.

Yikes, I wager it was more difficult to get this thing working than HTTPS because they surely have an existing solution for nearly everything else. It smells more like a developer being reluctant to delete their own code. There's an unaudited cryptography stack in their authentication path.

You are not your code.