scottlamb
commented
2 months ago I finally did some reading on OpenZiti.
So the idea is that this would be for the browser->Moonfire leg? And it would be an alternative to binding a TCP port which is reachable by the client (over the LAN, VPN, or public Internet)? And Moonfire could use Ziti APIs to provide authenticated identity and possibly even role-based authorization, as an alternative to the current password->web session or Unix socket permissions-based authentication and/or the per-user permissions in its own database?
I'm looking through a few details of how it might work.
Build/linking: we'd have to link to the OpenZiti APIs. I don't know if it's too compatible with the "build a zero-dependencies, almost-pure-Rust binary" approach I've adopted. How would you feel about this being an optional feature not included in the main release builds?
Threading model: I don't see this documented in their SDK docs. Currently Moonfire uses a multi-threaded tokio reactor. Is Ziti thread-safe? or would we need to handle all Ziti operations in one thread?
General lifecycle: looks like for each [[bind]] ziti = ... item we'd set up a service with ziti_listen. Then in ziti_client_cb, ziti_accept it, then in ziti_conn_cb set up a matching hyper Connection. We receive data via ziti_read_cb; we start writes via ziti_write and get their completion status via ziti_write_cb. Closing happens by ziti_close (locally initiated) / ziti_close_cb (fully closed by either party).
Flow control: I'm a little concerned that I don't see much mention of this.
- Read side: Looks like Ziti calls us via
ziti_read_cb. Hyper expects to drive the thing, reading when it wants to. How do we bridge those? Is there a way to tell Ziti "stop reading for a while" / "start reading again"? or do we have to buffer everything that comes in and just drop the connection abruptly if the inbound buffer becomes absurdly large? - Write side: We could make a
tokio::io::AsyncWriteimpl in whichpoll_writereturns not ready between our call toziti_writeand the matchingziti_write_cbacknowledgement. Possibly we have to layer on our own buffering and only start those writes after reaching a threshold or onpoll_flushcalls to avoid short writes though, as if I'm understanding correctly only one write can be in flight at once.
ruzko
Hi!
I'm building a free software project to offer predator alerts and deterrence for farms, using NVR and zero-trust, overlay mesh networking. There aren't any NVR offerings which implement zero-trust principles directly at this time, so in testing I've mostly had to try "bolting on" that capability, using OpenZiti and their tunnelers.
The OpenZiti maintainers suggested on a forum post I made about my project, that embedding OpenZiti using their SDKs would be ideal. OpenZiti has SDKs for embedding zero-trust communication in applications, which is superior to the tunneling approach both in terms of security and usability. They don't have a rust SDK yet, but the C SDK is usable via FFI.
OpenZiti can bootstrap a regular browser session into zero-trust without needing to install anything on the client device, by relying on an OIDC provider. For PWAs like Moonfire, this is nice.
Being written in Rust, Moonfire is a prime candidate for security-minded environments.
I'd like to see integrated support for zero-trust networking in Moonfire, and am prepared to spend ~40 hours on it initially. Is integrated zero-trust via OpenZiti something you'd consider supporting in Moonfire?
*edit: this would touch on https://github.com/scottlamb/moonfire-nvr/issues/27, https://github.com/scottlamb/moonfire-nvr/issues/26, https://github.com/scottlamb/moonfire-nvr/issues/216, https://github.com/scottlamb/moonfire-nvr/issues/154, and https://github.com/scottlamb/moonfire-nvr/issues/133