AFAIK, the wyoming protocol currently does not encrypt traffic, nor does it confirm the authenticity of any connected peer, nor does it have any authorization controls.
For the privacy-minded, which this project caters to, there should be some way to secure communication between wyoming nodes.
I think this is a good starting point for discussion:
Encryption. Given that many installs are likely in local environments, without proper SSL certificates set up (which is another issue, but another story), an automatic key exchange is probably favorable.
Authentication. See above - could work hand-in-hand.
Authorization. Control which node (since we now know who we are talking to) can control which features.
There should be a minimum separation between privacy-related and non-privacy-related activities.
e.g.: Streaming audio in either direction, privacy-related. Deciding if streamed audio is a wakeword: Likely not as important.
AFAIK, the wyoming protocol currently does not encrypt traffic, nor does it confirm the authenticity of any connected peer, nor does it have any authorization controls.
For the privacy-minded, which this project caters to, there should be some way to secure communication between wyoming nodes.
I think this is a good starting point for discussion:
e.g.: Streaming audio in either direction, privacy-related. Deciding if streamed audio is a wakeword: Likely not as important.
See also a related discussion here: https://github.com/rhasspy/wyoming-satellite/pull/144#issuecomment-2028011315
Keep in mind that I am no security expert, so take the ideas above with a grain of salt.