
Can you express this with Noise framework tokens? I don't think you can. Noise is fiddlier than it looks! It's not just an ordering of DH exchanges; it's transcript hashes, cipher state tracking (and reinitializing), key derivation, the whole 9. The temptation (at least for me) is to just skip to the table of handshakes and skim, but the actual protocol framework is in Section 5, where they define precisely what each of those tokens really entails.

(To say nothing of: this uses signatures, and Noise does not).
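Added example, not part of the thread or of the Noise specification's own text: a sketch of the SymmetricState bookkeeping (transcript hash, chaining key, key derivation, cipher re-initialization) that sits behind the `e` and `ee` tokens of the NN pattern. The public keys and DH output are constructed stand-in byte strings rather than real X25519 values, the AEAD step is left out, and `run_nn` and `hkdf2` are names chosen here.

```python
import hashlib
import hmac

HASHLEN = 32  # SHA-256 output size
NAME = b"Noise_NN_25519_ChaChaPoly_SHA256"

def hkdf2(ck, ikm):
    """Noise HKDF, two outputs: HMAC-SHA256 extract, then two expand rounds."""
    temp = hmac.new(ck, ikm, hashlib.sha256).digest()
    out1 = hmac.new(temp, b"\x01", hashlib.sha256).digest()
    out2 = hmac.new(temp, out1 + b"\x02", hashlib.sha256).digest()
    return out1, out2

class SymmetricState:
    def __init__(self, protocol_name):
        # Names up to HASHLEN bytes are zero-padded; longer ones are hashed.
        if len(protocol_name) <= HASHLEN:
            self.h = protocol_name.ljust(HASHLEN, b"\x00")
        else:
            self.h = hashlib.sha256(protocol_name).digest()
        self.ck = self.h   # chaining key starts equal to the transcript hash
        self.k = None      # no cipher key until the first MixKey
        self.n = 0         # AEAD nonce counter

    def mix_hash(self, data):
        self.h = hashlib.sha256(self.h + data).digest()

    def mix_key(self, ikm):
        self.ck, self.k = hkdf2(self.ck, ikm)
        self.n = 0         # re-keying reinitializes the cipher state

    def split(self):
        return hkdf2(self.ck, b"")  # one transport key per direction

def run_nn(e_i_pub, e_r_pub, dh_ee, prologue=b""):
    """Walk NN (-> e / <- e, ee) up to, not including, the second payload."""
    st = SymmetricState(NAME)
    st.mix_hash(prologue)
    st.mix_hash(e_i_pub)   # -> e : public key enters the transcript
    st.mix_hash(b"")       # empty payload, no key yet: EncryptAndHash = MixHash
    st.mix_hash(e_r_pub)   # <- e
    st.mix_key(dh_ee)      # ee : DH output is mixed into ck, k is (re)set
    return st.h, st.split()

if __name__ == "__main__":
    # Constructed stand-ins, not real X25519 values.
    h, (k1, k2) = run_nn(b"\x11" * 32, b"\x22" * 32, b"\x33" * 32)
    print(h.hex(), k1.hex(), k2.hex())
```

The split keys depend only on the chaining key, so a prologue or ordering mismatch shows up in `h` alone; in a full handshake `h` is the AEAD associated data, which is how such a mismatch makes decryption fail.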




Gotta say that I generally like the Noise framework (or rather the protocols that result), but it is one of the most impenetrable specifications I've ever read.

I don't remember what it is specifically about it, I just remember the document being a pain to read; a bit like the original Paxos paper in that regard.


I don't know about that. As an implementor, it is probably one of the easiest-to-follow specs I've ever worked from. You can pretty much code it from the top of the spec to the bottom; when you get to the handshake patterns section and realize that each is just a different ordering of things in an array or whatnot, it's pretty slick.


Probably not, though Noise mentions that you could replace DH operations with signatures.


Yeah, I don't mean to be coy. You can't end up with this protocol using Noise. :)


ECIES is quite fine though for most asynchronous applications, where having a signing key also makes sense as you often want to publish long-lived, signed data and build a trust chain (e.g. generate and sign session keys from a master key). I built several real-world systems based on that (e.g. [1]) and they all made it through the audits fine. I was exploring Noise-based protocols but I find it's best to rely on primitives that are supported by the Web Crypto API.

1: https://github.com/kiebitz-oss/


ECIES is a hybrid encryption construction; Noise is a protocol. They're two different levels of abstraction. This thing we're commenting on has a protocol; it's just an accidental one, which is usually not what you want. WebCrypto doesn't provide a protocol framework, just a bunch of primitives.



