Closed daviddias closed 5 years ago
> I'm not 100% sure of how secio is implemented right now; it probably already does something close to this, and if that is the case, we should abstract it for it to be cross language friendly.
Yeah, it already does this. secio is implemented on top of net.Conn, which is the generic way to do this sort of stuff in Go. It is the equivalent of:
unencrypted := net.Dial(...)
encrypted := secio.NewSession(unencrypted, params)
but has more ceremony around how the params are chosen, and so on.
a more important thing to consider is to just use some other well-known transport encryption protocol instead of secio altogether
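The same layering with a well-known protocol, as an added example that is not secio or libp2p code: Go's standard `crypto/tls` takes a plain `net.Conn` and returns an encrypted one. The `tap` type, the `Echo` function, the in-memory `net.Pipe` standing in for a dialed connection, and the throwaway certificate for the constructed name `peer.example` are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// tap records every byte the TLS layer writes to the underlying plain connection.
type tap struct {
	net.Conn
	wire *bytes.Buffer
}
func (t tap) Write(p []byte) (int, error) { t.wire.Write(p); return t.Conn.Write(p) }

// Echo upgrades both ends of a plain pipe to TLS, echoes msg once, and reports whether msg crossed the pipe in clear.
func Echo(msg string) (reply string, leaked bool, err error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", false, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"peer.example"}, // constructed name
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key) // self-signed, throwaway
	if err != nil {
		return "", false, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced on the line above
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the initiator trusts exactly this one certificate
	a, b := net.Pipe() // unbuffered in-memory stand-in for net.Dial / Accept
	defer a.Close()
	srv := tls.Server(b, &tls.Config{SessionTicketsDisabled: true, Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	go io.Copy(srv, srv) // responder: echo plaintext back until the pipe closes
	t := tap{a, &bytes.Buffer{}}
	enc := tls.Client(t, &tls.Config{RootCAs: pool, ServerName: "peer.example", MinVersion: tls.VersionTLS13})
	buf := make([]byte, len(msg))
	if _, err = enc.Write([]byte(msg)); err == nil { // the first Write runs the handshake
		_, err = io.ReadFull(enc, buf)
	}
	return string(buf), bytes.Contains(t.wire.Bytes(), []byte(msg)), err
}
func main() { fmt.Println(Echo("constructed test message")) }
```

The caller only ever touches `enc`, which behaves like any other `net.Conn`; the handshake parameters live in the `tls.Config` passed at wrap time.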
> a more important thing to consider is to just use some other well-known transport encryption protocol instead of secio altogether
without saying "tls", what options do we have?
Adding @maxogden as he is interested in having this as well.
It would be good/interesting to have DH to set up the private channel as one thing, and then have the TLS handshake to guarantee authenticity as a separate step.
A tested/proven example for the first part is what happens inside WebRTC, but I'm not able to find some nice implementations for that.
> We've talked today about the idea to use some of the crypto libraries and wrap them around with a stream interface in order to enable cypher stream muxer connections or per stream basis.
SGTM!
> a more important thing to consider is to just use some other well-known transport encryption protocol instead of secio altogether
Maybe that could be piggybacked on top of multihash -- i.e. have the public key representation include a hint about how to shake hands?
> without saying "tls", what options do we have?
Caleb came up with a handshake and stream for cjdns: https://github.com/hyperboria/cjdns/blob/master/doc/Whitepaper.md#the-cryptoauth
@diasdavid @dominictarr did a writeup of our handshake: https://github.com/auditdrivencrypto/secure-channel/blob/master/prior-art.md#ipfss-secure-channel
I think it isn't relevant anymore, we support multistream select before handshake and we are finalizing tls.
We've talked today about the idea to use some of the crypto libraries and wrap them around with a stream interface in order to enable cypher stream muxer connections or per stream basis.
This would enable us (and other people that are interested) to pass a duplex stream with another peer, give the right arguments (depending on the type of cypher used) wait to return another duplex stream, which abstracts a cyphered channel.
Initially, what we would be looking for is to have something that at least offers the same crypto handshake that WebRTC has with DTLS.
I'm not 100% sure of how secio is implemented right now; it probably already does something close to this, and if that is the case, we should abstract it for it to be cross language friendly.
@dominictarr has documented the IPFS crypto stream handshake: https://github.com/auditdrivencrypto/secure-channel/blob/master/prior-art.md#ipfss-secure-channel