flomesh-io / ztm

ZTM (Zero Trust Mesh) is privacy-first, open-source, decentralized network software based on HTTP/2 tunnels. Boundless connectivity. Mesh the world!
Apache License 2.0

use key exchange to setup secure p2p connection? #4

Closed yyk808 closed 1 month ago

yyk808 commented 1 month ago

Running a CA server seems not to be the best practice for setting up a decentralized network. If the CA server is just for making the connections secure, there might be a better way for this purpose.

Diffie–Hellman based key exchange algorithms, like ECDH, can provide a way to securely exchange keys over a non-secure channel without a centralized server. In fact, such methods have been heavily used in libp2p, which is also a good p2p transport framework. libp2p uses the Noise Protocol Framework to establish a secure channel between two peers by exchanging keys and encrypting traffic during the libp2p handshake process.

ref: https://noiseprotocol.org/
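For readers weighing the proposal above: the example below is added here and is not ZTM's or libp2p's code. It shows, with Go's standard `crypto/ecdh`, what a bare X25519 key agreement gives you (a shared secret with no server involved) and what it does not give you (any assurance of whose public key you received). The `alice`, `bob` and `mallory` peers are hypothetical, and the key derivation is a plain SHA-256 over the shared secret rather than the HKDF-and-transcript mixing a Noise handshake does. In the Noise-based design libp2p uses, the identity problem is solved by static keys tied to the peer ID, which is derived from the peer's identity public key; the exchange itself cannot detect the substitution the second function performs.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// peer holds one party's ephemeral X25519 key pair (hypothetical names).
type peer struct {
	name string
	priv *ecdh.PrivateKey
}

func newPeer(name string) *peer {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &peer{name: name, priv: priv}
}

// sessionKey combines this peer's private key with a public key received over
// the insecure channel. A real Noise handshake runs the shared secret through
// HKDF and mixes in the handshake transcript; SHA-256 over the raw secret is
// an assumption made here only to keep the example short.
func (p *peer) sessionKey(remote *ecdh.PublicKey) [32]byte {
	secret, err := p.priv.ECDH(remote)
	if err != nil {
		panic(err)
	}
	return sha256.Sum256(secret)
}

// directExchange is the honest case: each peer sees the other's real public
// key, so both derive the same session key without any third party.
func directExchange() ([32]byte, [32]byte) {
	alice, bob := newPeer("alice"), newPeer("bob")
	return alice.sessionKey(bob.priv.PublicKey()), bob.sessionKey(alice.priv.PublicKey())
}

// mitmExchange is the unauthenticated case: Mallory sits on the channel and
// substitutes her own public key in each direction. Alice and Bob each end up
// sharing a key with Mallory rather than with each other, and nothing in the
// key agreement itself reveals it. Returns (alice, bob, malloryWithAlice, malloryWithBob).
func mitmExchange() (a, b, ma, mb [32]byte) {
	alice, bob := newPeer("alice"), newPeer("bob")
	malloryA, malloryB := newPeer("mallory-facing-alice"), newPeer("mallory-facing-bob")
	a = alice.sessionKey(malloryA.priv.PublicKey()) // Alice believes this is Bob's key
	b = bob.sessionKey(malloryB.priv.PublicKey())   // Bob believes this is Alice's key
	ma = malloryA.sessionKey(alice.priv.PublicKey())
	mb = malloryB.sessionKey(bob.priv.PublicKey())
	return a, b, ma, mb
}

func main() {
	ka, kb := directExchange()
	fmt.Printf("direct exchange: keys match = %v\n", ka == kb)
	a, b, ma, mb := mitmExchange()
	fmt.Printf("mitm: alice==bob %v, alice==mallory %v, bob==mallory %v\n", a == b, a == ma, b == mb)
}
```

The missing piece in the second case is authentication: each side needs some prior knowledge of which public key belongs to whom, whether a pinned static key, a peer ID derived from it, or a certificate signed by an authority both sides trust.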

pajama-coder commented 1 month ago

Thanks for your points. I think there's a misunderstanding as to what the "CA service" actually does.

The CA service in ZTM is supposed to be running in a private network. It's only accessible by the administrator when client certificates need to be issued. All traffic going through a public network (that is, traffic between agents and hubs) is encrypted by TLS.

In theory, we don't really need a "CA service" to run ZTM, as long as we have a way to issue certificates to both the agents and the hubs. The reason we are using a CA service here is that we may have a cluster of hubs in the future, where certificate management can be a hassle by hand. By using an automatic service, things can be much easier for large meshes. Again, both the CA service and the hubs run in a private network, behind firewalls. So it's totally secure.
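To make the model described in this reply concrete, here is an added example (not ZTM's code, written against Go's standard `crypto/x509` and `crypto/tls`) of what an issuing service like the one described provides and what the hubs and agents check. A self-signed root stands in for the private CA; it issues a certificate to a hub and to an agent, and each side's trust decision is the X.509 chain verification a TLS handshake performs. The `mesh-root`, `hub`, `agent-1` and `rogue-root` names are assumptions for the example. The rogue case shows the property the CA buys: an agent presenting the same name under a certificate from any other issuer is refused, regardless of where it sits on the network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parent. With parent == nil it
// produces a self-signed root, which is how the private CA is bootstrapped.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// Leaf certificates name the node and are limited to TLS authentication.
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verify is the trust decision each side makes in the handshake: the presented
// certificate must chain to the mesh's private root and carry the extended key
// usage for its role (client for agents, server for hubs). Returns the error.
func verify(cert *x509.Certificate, roots *x509.CertPool, usage x509.ExtKeyUsage, dnsName string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{usage},
		DNSName:   dnsName,
	})
	return err
}

// hubTLSConfig is how a hub enforces the same check on live connections: it
// presents its own certificate and refuses any agent whose certificate does
// not chain to roots (mutual TLS).
func hubTLSConfig(hub tls.Certificate, roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{hub},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    roots,
		MinVersion:   tls.VersionTLS13,
	}
}

// demo bootstraps the root, issues hub and agent certificates, and checks that
// a certificate from a different CA is rejected. Returns
// (agentAccepted, hubAccepted, rogueAgentRejected).
func demo() (bool, bool, bool) {
	root, rootKey := issue("mesh-root", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(root)

	hub, _ := issue("hub", false, root, rootKey)
	agent, _ := issue("agent-1", false, root, rootKey)

	rogueRoot, rogueKey := issue("rogue-root", true, nil, nil)
	rogueAgent, _ := issue("agent-1", false, rogueRoot, rogueKey) // same name, wrong issuer

	agentOK := verify(agent, roots, x509.ExtKeyUsageClientAuth, "") == nil
	hubOK := verify(hub, roots, x509.ExtKeyUsageServerAuth, "hub") == nil
	rogueRejected := verify(rogueAgent, roots, x509.ExtKeyUsageClientAuth, "") != nil
	return agentOK, hubOK, rogueRejected
}

func main() {
	a, h, r := demo()
	fmt.Printf("agent accepted: %v, hub accepted: %v, rogue agent rejected: %v\n", a, h, r)
}
```

Note that the root's private key is the only thing that needs to stay on the private network; the root certificate (public part) has to reach every agent and hub so they can verify each other, and the hubs never need the CA online once their certificates are issued.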

yyk808 commented 1 month ago

Got it, thanks for your answer!