crossbario / autobahn-python

WebSocket and WAMP in Python for Twisted and asyncio
https://crossbar.io/autobahn
MIT License
2.47k stars 763 forks

E2E Encryption: Support more keyring strategies #1585

Open om26er opened 1 year ago

om26er commented 1 year ago

We have a platform which runs a WAMP router; that system also has a secure element. Each user (mobile phone / website) has their own public/private key generated on login. The current implementation in autobahn ties the Key (mix of originator and responder keys) to a URI.

This is mostly fine; however, in our case it is desired to have 1 responder and multiple originators, and the originators can dynamically change as people are added/removed from the system.

From the look of it, this is currently not possible with the autobahn-python API. There are two changes that I think will make the above possible:

  1. The Key object should support multiple originators (a list).
  2. The enc_key in the Invocation should be used to determine if the originator is "expected".
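As an added illustration of the keyring shape the two requested changes imply (this is not autobahn's cryptobox code and not code posted by anyone in this issue): one responder key per URI, a set of allowed originator public keys per URI that can grow and shrink at runtime, and a lookup that takes the enc_key carried in an Invocation and only returns a decryption key when that originator is expected. The names MultiOriginatorKeyRing, ResponderKey and select_for_invocation are assumptions, and the keys are constructed 32-byte placeholders (SHA-256 of a label) standing in for real NaCl public keys; the actual payload encryption that would sit on top is not shown.

```python
"""Illustrative keyring for "one responder, many originators" per URI.

Not autobahn's implementation. Keys are opaque 32-byte placeholders; the
authenticated encryption of the payload itself is assumed to be layered on
top of the key selection shown here.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set

KEY_LEN = 32  # length of a NaCl public key, used as a sanity check on inputs


def fake_key(label: str) -> bytes:
    """Constructed placeholder key: 32 bytes derived from a label (NOT a real key)."""
    return hashlib.sha256(label.encode("utf-8")).digest()


@dataclass(frozen=True)
class ResponderKey:
    """The single responder key pair tied to a URI."""
    public: bytes
    private: bytes


@dataclass
class UriKeys:
    """Per-URI state: one responder key plus the set of expected originator public keys."""
    responder: ResponderKey
    originators: Set[bytes] = field(default_factory=set)


class MultiOriginatorKeyRing:
    """Maps a URI to one responder key and a dynamic set of allowed originators."""

    def __init__(self) -> None:
        self._by_uri: Dict[str, UriKeys] = {}

    def set_responder(self, uri: str, responder: ResponderKey) -> None:
        """Install (or replace) the responder key for a URI; originators are kept."""
        entry = self._by_uri.get(uri)
        if entry is None:
            self._by_uri[uri] = UriKeys(responder=responder)
        else:
            entry.responder = responder

    def add_originator(self, uri: str, originator_pub: bytes) -> None:
        """Allow a new originator (e.g. a user who just logged in) for this URI."""
        if uri not in self._by_uri:
            raise KeyError(f"no responder key configured for URI {uri!r}")
        if len(originator_pub) != KEY_LEN:
            raise ValueError("originator public key must be 32 bytes")
        self._by_uri[uri].originators.add(originator_pub)

    def remove_originator(self, uri: str, originator_pub: bytes) -> bool:
        """Revoke an originator (e.g. user removed); returns True if it was present."""
        entry = self._by_uri.get(uri)
        if entry is None or originator_pub not in entry.originators:
            return False
        entry.originators.discard(originator_pub)
        return True

    def expected_originators(self, uri: str) -> FrozenSet[bytes]:
        """Snapshot of the originators currently expected for a URI."""
        entry = self._by_uri.get(uri)
        return frozenset(entry.originators) if entry else frozenset()

    def select_for_invocation(self, uri: str, enc_key: bytes) -> Optional[ResponderKey]:
        """Key selection for an incoming Invocation.

        enc_key is the originator public key carried with the encrypted payload.
        Returns the responder key to decrypt with, or None when the URI is
        unknown or the originator is not in the expected set. Callers should
        treat None as "reject before attempting decryption".
        """
        entry = self._by_uri.get(uri)
        if entry is None or enc_key not in entry.originators:
            return None
        return entry.responder


def demo() -> dict:
    """Walk through add / lookup / revoke with constructed keys; returns the outcomes."""
    ring = MultiOriginatorKeyRing()
    responder = ResponderKey(public=fake_key("responder-pub"), private=fake_key("responder-priv"))
    ring.set_responder("com.example.secret", responder)
    alice, bob, mallory = fake_key("alice"), fake_key("bob"), fake_key("mallory")
    ring.add_originator("com.example.secret", alice)
    ring.add_originator("com.example.secret", bob)
    before_revoke = ring.select_for_invocation("com.example.secret", bob) is responder
    ring.remove_originator("com.example.secret", bob)
    return {
        "alice_accepted": ring.select_for_invocation("com.example.secret", alice) is responder,
        "bob_before_revoke": before_revoke,
        "bob_after_revoke": ring.select_for_invocation("com.example.secret", bob) is None,
        "unknown_originator_rejected": ring.select_for_invocation("com.example.secret", mallory) is None,
        "unknown_uri_rejected": ring.select_for_invocation("com.example.other", alice) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Matching enc_key against the expected set only decides which originator the message claims to come from and whether that originator is still allowed; since public keys are not secret, a plain set lookup is fine here. Whether the payload really came from that originator must still be established by the authenticated encryption that uses the selected key pair, which is why a None result should stop processing before any decryption is attempted.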

oberstet commented 1 year ago

Please see my comments at https://github.com/crossbario/autobahn-python/issues/1586#issuecomment-1198653850 - which roughly apply here as well. "E2Ev2" is the way forward, not "E2Ev1" ... but even more so, we need to have a proper design and spec first (e.g. https://github.com/wamp-proto/wamp-proto/pull/417) before jumping into moving code around ...