Open m-schmoock opened 4 years ago
Good idea.
If wallets open up several connection, we could utilize temporary IP whitelist
Can you elaborate on this? When do wallets open several connections, what problem is solved by a temporary IP whitelist
@chris-belcher I updated the issues main text to be more accurate.
The IP whitelist is just to skip implicit authentication method from the same IP address for a give timeframe. I think some wallets may open up multiple connections (for whatever reason). Maybe we do not need this at all, t.b.d.
I've reviewed the edited OP and it seems like a good idea.
If we are going to implement authentication RCP calls, we should not introduce username/password credentials settings, as this requires additional UX stuff, that is not necessary. We can already use the preknowledge of the xPubKey and let the client submit the correct specially derived pubkey of i.e. m/0/
or m/42/
or whatever that proofs the client is in charge of the correct xpubkey chain. Something can be done in the other direction, if the server needs to authenticate itself towards the client, it can ECDSA sign a message with derived pubkey m/0/
or m/42/
or whatever.
Rationale
Using EPS without a SSL tunnel or other transport layer security is not recommended as:
Having users to figure out transport layer security or tunneling setup on their own will result in most users skipping that and thus harming their privacy. Especially as it will become more and more normal to use EPS for mobile clients, i.e. such as eclair.
I see users wanting to run one simple docker command to get a EPS maybe including BTC node online without having to care for tunneling.
Problem statement
We need to distinguish legit users (in charge of private keys) from non-legit users (trying and messing around).
Concept
First: Implicit Authentication Mechanism can be an optional config option that the EPS operator decides on if and how to use it, as it may impact compatibility with his wallet.
Electrum protocol uses JSON RPC which supports sending responses out of order. We can utilize that in order to delay responses until we know sure enough that a client connection is done by a legit user. Non legit users connections should be dropped.
Hard authentication:
Weak authentication:
dis-authentication:
If the user not yet hard authenticated, we can assume a connection to be not legit on the first request that is made to an address that not known.
initial thoughts from IRC: