rapiz1 / rathole

A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
Apache License 2.0
9.8k stars 488 forks

Different noise keys per service #205

Closed Yaikava closed 2 years ago

Yaikava commented 2 years ago

Feature Proposed: Make it possible to have different noise keys per service.

Use Case: Having multiple clients connecting to the same server without all of them using the same noise keys.

rapiz1 commented 2 years ago

Hmm... What do you want to achieve by using different keys for each service? The default noise setting (noise_nk) makes it impossible for clients to spy on each other. They generate different keys on the fly.

Yaikava commented 2 years ago

Hmm... What do you want to achieve by using different keys for each service? The default noise setting (noise_nk) makes it impossible for clients to spy on each other. They generate different keys on the fly.

Ah, did not know that. nvm

Yaikava commented 2 years ago

Just to be sure. This applies to https://github.com/rapiz1/rathole/blob/main/docs/transport.md#bidirectional-authentication too?

Guess I do not really need it either way.

fernvenue commented 2 years ago

Just to be sure. This applies to https://github.com/rapiz1/rathole/blob/main/docs/transport.md#bidirectional-authentication too?

No, Bidirectional Authentication is mutual authentication, which means that both the client and the server need to confirm each other's identity. What you need is Noise_NK_25519_ChaChaPoly_BLAKE2s: only the client will verify the identity of the server, so that each client can use its own key.

By the way, you can read Interactive handshake patterns (fundamental) to get more information about that.
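The two modes discussed in this thread, side by side, as an added configuration sketch that is not part of any comment above. Key names follow rathole's configuration reference; the addresses and all key values are placeholders.

```toml
# --- Default: Noise_NK (only the server has a static key pair) ---
# Every client pins the same server public key. Clients hold no static
# key of their own; each connection negotiates fresh ephemeral keys, so
# one client cannot read another client's traffic.

[client]
remote_addr = "server.example.org:2333"   # placeholder address

[client.transport]
type = "noise"

[client.transport.noise]
# pattern defaults to "Noise_NK_25519_ChaChaPoly_BLAKE2s"
remote_public_key = "<SERVER_PUBLIC_KEY_BASE64>"    # placeholder

[server]
bind_addr = "0.0.0.0:2333"                # placeholder address

[server.transport]
type = "noise"

[server.transport.noise]
local_private_key = "<SERVER_PRIVATE_KEY_BASE64>"   # placeholder

# --- Bidirectional authentication: Noise_KK (both sides have static keys) ---
# Shown commented out because it replaces the two noise tables above.
#
# [client.transport.noise]
# pattern = "Noise_KK_25519_ChaChaPoly_BLAKE2s"
# local_private_key = "<CLIENT_PRIVATE_KEY_BASE64>"
# remote_public_key = "<SERVER_PUBLIC_KEY_BASE64>"
#
# [server.transport.noise]
# pattern = "Noise_KK_25519_ChaChaPoly_BLAKE2s"
# local_private_key = "<SERVER_PRIVATE_KEY_BASE64>"
# remote_public_key = "<CLIENT_PUBLIC_KEY_BASE64>"
#
# Here the server's transport block names a single client public key,
# which is the mutual-authentication case the last reply contrasts with NK.
```

Under NK, service-level access control still comes from the per-service `token`, since the transport handshake authenticates only the server.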