P2P master server design

[devsnd]

I've thought a little how we're going about to implement a master server (running in the internet) that can interconnect the slave servers (that people might run at home)

There are multiple things that are important.

Master server:

• can authenticate "ping" or location update from the slaves
• can provide location of a slave, given that the request is authenticated using the nickname of the slave as well as the "friend" access key token
• can distribute invitations from the slaves to the slaves
• does not know the actual tokens used for authentication between slaves

Slave server

• can give out "friend" access tokens
• friend tokens can be revoked at any time
• can authenticate friends location over the master server
• can handshake with other slaves and decide upon a common secret

Once everybody shook their hands, slaves can communicate as they like.

This might look a lil' sumpin' like this:

alice and bob are slaves

registration

alice -- "i'm alice and this is my knock sign" -> master
bob -- "i'm bob and this is my knock sign" -> master

making friends

alice -- "knock, invite bob (public friend key)" -> master
master -- "alice wants to invite you with key XY" --> bob (compares key)
bob -- "knock, i accept the invitation" -> alice
bob and alice mumble something the master cannot hear and decide upon a common key
bob --"knock, invitation accepted, (common key)"-> master
alice --"knock, invitation accepted, (common key)"-> master
master compares common key and declares friendship

locating other slave

bob --"knock, where's alice? (common key)--> master
master looks for alice, asks her for her common key and compares
master -- "look, over there!" --> bob

So all the master server must know are the knock signs.

Any flaws?

[tilboerner]

Communications between master and slave are secure, right?

The common key is only used to indicate a valid friendship to master, or also for communication between Alice and Bob?

What's a public friend key? I'd imagine slaves to keep public keys of their friends and their own private key.

How are name clashes avoided between slaves? Are they identified by their public keys?

How do friend tokens work?

Unless we want the master to tell which friends are online, I think the common secret is not necessary. Master doesn't need to know about friendships:

alice --"hi i'm alice, here's my public key"--> master
bob --"hi i'm bob, here's my public key"--> master
bob --"please tell this public key (alice) to call me up, signed(bob)"--> master
master --"bob wants to talk to you. here's his location and signature."--> alice (verifies signature)
// now alice and bob are free to communicate amongst themselves. (see edit)
// if alice doesn't answer, master doesn't know her, she's not there anymore
// or doesn't want to talk

Went and fixed some instances of authenticate. There's no fi in there. :sunglasses:

edit: Of course, Alice should make sure she's really talking to Bob:

 alice --"alice here. are you really bob? signed(alice)"--> bob

[devsnd]

do one thing and do it well.

we're not doing well enough yet for this.