FDSN / SeedLink

https://docs.fdsn.org/projects/seedlink/
Creative Commons Zero v1.0 Universal

reverse auth #23

Closed crotwell closed 11 months ago

crotwell commented 1 year ago

Is there a need for a reverse authentication, i.e., the client can verify that the datacenter server or station really is who it says it is? Analogous to the host verification for https, but for raw sockets.

Currently this is mostly done by trusting IP addresses, but perhaps there is an advantage to having a more precise way to do this. I am imagining a data logger could be populated with a long-lived JWT token that the client pulling data would be able to use to verify that the data is coming from the actual station. Lots of nasty details in this, but it feels like the current spec has functionality for the server to verify if the client is allowed to connect, but nothing to help the client be sure the server is ok.

Additional note, it feels very weird that clients would be expected to provide username/password to a server with no way to verify it can trust the server with those credentials. I expect it is very unlikely that a bad actor would try to spoof a seedlink server for the purposes of stealing passwords, but I feel you either do security or you don't do security. Partial security is just asking for trouble.

Maybe this could be added to the existing ID command, ID AUTH perhaps. Or maybe better would be to say secure connections should only be done via web sockets, so we reuse all the https/wws security concepts.

andres-h commented 1 year ago

Feedback from proposal team

Verifying the server certificate is part of SSL/TLS and can be used with SeedLink directly. There is no need for an additional reverse auth or https/wws requirement.

crotwell commented 11 months ago

Agree, easily solved if clients that need to verify the server only use web socket over https.
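
The proposal team's reply above says TLS server-certificate verification can be used with SeedLink directly. As an added example (not code from this thread or from the SeedLink project), here is a Python client that sends nothing on the socket until the certificate chain and hostname have verified; the function names, host, port and payload are assumptions chosen for illustration.

```python
import socket
import ssl


def make_verifying_context(cafile=None):
    """TLS context that requires a valid chain and a matching hostname."""
    # System trust store when cafile is None; pass a CA bundle for a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Both are already the defaults here; set explicitly so a later edit
    # cannot silently turn verification off.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def open_verified(host, port, ctx=None, timeout=10.0):
    """Return a TLS socket only after the certificate verified for `host`."""
    ctx = ctx or make_verifying_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # Handshake happens here; a bad chain or name mismatch raises
        # ssl.SSLCertVerificationError before any application data is sent.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


def send_after_verification(host, port, payload, ctx=None):
    """Send credential-bearing bytes only on a verified channel.

    Returns (True, negotiated TLS version) or (False, reason).
    """
    try:
        tls = open_verified(host, port, ctx)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"{type(exc).__name__}: {exc}"
    with tls:
        version = tls.version()
        tls.sendall(payload)
    return True, version


if __name__ == "__main__":
    # Placeholder endpoint and payload (assumptions, not values from the thread).
    print(send_after_verification("seedlink.example.org", 18500, b"HELLO\r\n"))
```

Verification failure and connection failure both return `False` before `sendall` is reached, so credentials never leave the client for a server whose identity was not established.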