Would TLS support be useful?

[tcoats]

I have multiple Raspberry Pis in a potentially hostile network. I'd like to use cote for discovery and communication, replicating data across all nodes. I've produced a similar library to cote — odo-journal. I'd rather use something with more people behind it.

Odo Journal currently uses TLS encryption where each node has a ca, key and cert. The ca is so we can rotate keys from an external secret key that is not available on each node. Every node has both the key and the cert so it's not asymmetric encryption, but it does address a man in the middle attack.

I'd see the use of TLS similar to how the environment property works, it would partition the network.

Does this have a place in cote?

[dashersw]

Exactly, we’d love to implement TLS — however no one has gone to the length to implement it. If you’d consider contributing, you’d be welcome.

[tcoats]

It looks like the heavy lifting would be in axon, in sock.js. At the moment all connections are via net, we'd need to add tls as an option. The changes needed in cote would be passing configuration parameters through.

Are your changes to axon likely to be upstreamed to tj's repo? I'm wondering if we need to line up with that project's vision.

[tcoats]

Looking at the pull requests, someone has implemented tls. I haven't had a look, but could this potentially be merged into your branch?

We'd need to review the changes for suitability.

[dashersw]

Looks interesting! Some lines seem redundant, but if you can make it work within cote, we can merge it and release as a newer version of @dashersw/axon.

[dashersw]

Sorry, didn’t see your previous message. Axon is probably dead at this point, so I would assume not.

[otothea]

@tcoats I would like to see this feature supported by cote as well, let me know if you need/want any help.