Right now, clients are "authenticated" by being able to establish TCP connections from their IP address and by them having a copy of the server's public key. We probably want to have real authentication by a secret possessed by each client. This could be through us switching to a different Noise pattern (such as in #307) or passing an authentication token within the messages.
Nov 10, 2022
Right now, clients are "authenticated" by being able to establish TCP connections from their IP address and by them having a copy of the server's public key. We probably want to have real authentication by a secret possessed by each client. This could be through us switching to a different Noise pattern (such as in #307) or passing an authentication token within the messages.