search

auditdrivencrypto / secure-channel

secure-channel that protects all communication between two peers
MIT License
25 stars 3 forks source link

For research DEVp2p (RLPx) #7

Open wanderer opened 9 years ago

wanderer commented 9 years ago

Spec https://github.com/ethereum/devp2p/blob/master/rlpx.md "RLPx is a cryptographic peer-to-peer network and protocol suite which provides a general-purpose transport and interface for applications to communicate via a p2p network"

It specifies a DPT (distubuted Peer table) + Key Exchange + Encryption + framing + flow control. Its only a rough draft but it has several implementation (GO, C++, node.js, python). framing and flow control are not complete.

Problems 1) it still changing fast 2) it may have unknown weaknesses

dominictarr commented 9 years ago

These problems are fuddy - can you be more specific about the problems? (or link to somewhere they are discussed) highlighting specific aspects that the you or the designer are uncertain about would be more helpful.

For example describing some of the changes so far and why they where made would be better than just saying "changes fast", it would still warn the reader, but it would promote clarity - which is what we need.

wanderer commented 9 years ago

on "unknown weaknesses" it has been audited so I think the crypto should be ok but never hurts to have more ppl looking through it. :) Issues that are still possible are in the discovery protocol. It uses Kadmalia that has a few problems itself, but the biggest problem with discovery is that its not encrypted. Thats all I can think of ATM. Ill add more as I find out

on "still changing fast" framing and Flow Control are not implemented yet, so I would suspect they might change. Discovery Protocol could still change to be encrypted.

dominictarr commented 9 years ago

@wanderer I think the discovery system (pubkey -> ip address mapping in a dht, right?) is another concern. there are multiple ways you could do this in different applications (for instance, secure-scuttlebutt gossips the address, and ssh just stores them in a file.)

maybe this repo should be renamed to handshake? or private-handshake? after the handshake it's just a bulk encryption scheme, which is simple compared to the handshake.

wanderer commented 9 years ago

@dominictarr

I think the discovery system (pubkey -> ip address mapping in a dht, right?)

yep

there are multiple ways you could do this in different applications (for instance, secure-scuttlebutt gossips the address, and ssh just stores them in a file.)

The DHT or NodeTable is totally separable from everything else. So you can use any of the above methods.

maybe this repo should be renamed to handshake? or private-handshake?

I like the idea of focusing on one little module at time :+1:

wanderer commented 9 years ago

opps!