nuts-foundation / nuts-specification

Contains the source of the Nuts specification RFCs.
https://nuts-foundation.gitbook.io

RFC017 §3 disconnect on node authentication is incorrect #252

Closed woutslakhorst closed 1 year ago

woutslakhorst commented 1 year ago

With dynamic discovery enabled, it won't be possible for a node to connect to a bootstrap node that changed its NodeDID somewhere in time.

The new node is synchronizing transactions and somewhere it gets the first (outdated) NutsComm address. Auto discovery will update and then try to reconnect/reauthenticate. This will fail; it should continue with connecting and fetch transactions.

Disconnect on failed authentication should be changed.

woutslakhorst commented 1 year ago

@gerardsn

gerardsn commented 1 year ago

We could add a bootstrap flow: A node does not send its DID to the peer it wants to have a bootstrap connection with, and it ignores the DID received from the bootstrap node. This way the connection is anonymous (peer's DID is unknown) and therefore unauthenticated on both sides. Since this connection only uses an address, it is not affected by DID updates / dynamic service discovery.

The nodes can set up another connection that is authenticated for private VC exchange.
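A minimal model of the bootstrap flow proposed in this thread, added here as an illustration; it is not part of the issue and not code from the Nuts node. `Conn`, `Resolver`, `Handshake` and `MaySendPrivateVC` are hypothetical names, the DID-to-address lookup is an assumed simplification of node authentication, and the DIDs and address are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Conn models one peer connection (hypothetical type, not the Nuts node API).
type Conn struct {
	Addr    string // address the connection was made on
	PeerDID string // empty: anonymous bootstrap connection
}

// Resolver is the local, possibly outdated, view of node DID -> NutsComm address.
type Resolver map[string]string

var ErrAuthFailed = errors.New("node DID authentication failed")

// Handshake: on a bootstrap connection no DID is sent and the received DID is
// ignored, so the outcome depends on the address only. Otherwise the presented
// DID must resolve to the connection's address (assumed, simplified check).
func Handshake(r Resolver, addr, presentedDID string, bootstrap bool) (*Conn, error) {
	if bootstrap {
		return &Conn{Addr: addr}, nil
	}
	if presentedDID == "" || r[presentedDID] != addr {
		return nil, ErrAuthFailed
	}
	return &Conn{Addr: addr, PeerDID: presentedDID}, nil
}

// MaySendPrivateVC allows private VC exchange only when the peer's DID is
// known and is the intended recipient; anonymous connections never qualify.
func (c *Conn) MaySendPrivateVC(recipientDID string) bool {
	return c.PeerDID != "" && c.PeerDID == recipientDID
}

func main() {
	addr := "bootstrap.example:5555"        // constructed address
	stale := Resolver{"did:nuts:old": addr} // constructed: view before the DID change is synced
	_, err := Handshake(stale, addr, "did:nuts:new", false)
	fmt.Println("authenticated dial with stale view:", err)
	boot, _ := Handshake(stale, addr, "did:nuts:new", true)
	fmt.Println("bootstrap conn may carry private VC:", boot.MaySendPrivateVC("did:nuts:new"))
	fresh := Resolver{"did:nuts:new": addr} // constructed: view after synchronizing
	auth, _ := Handshake(fresh, addr, "did:nuts:new", false)
	fmt.Println("authenticated conn may carry private VC:", auth.MaySendPrivateVC("did:nuts:new"))
}
```

The point to check in any real implementation is the gate in `MaySendPrivateVC`: keeping an unauthenticated connection open for transaction sync is only safe if nothing private is ever routed over it.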