Closed jgoerzen closed 11 months ago
Something that might work here is some kind of mutual authentication — nodes could have a set of shared keys and some kind of authentication of equals could ensure that peering can only succeed if each node is configured with a common key.
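The shared-key peering suggested in the comment above can be sketched as an HMAC challenge-response; this is an added example, not Yggdrasil code and not part of the thread. `Node`, `Proofs`, `Accepts` and `Peer` are hypothetical names, `ID` stands in for a public key the transport has already authenticated, and the keys are assumed to be high-entropy (guessable passwords call for a PAKE such as SAE instead).

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Node struct {
	ID, Nonce []byte   // ID stands in for the node's public key (hypothetical)
	Keys      []string // pre-shared keys this node is configured with
}

func NewNode(name string, keys ...string) *Node {
	id := sha256.Sum256([]byte(name))
	n := &Node{ID: id[:], Nonce: make([]byte, 32), Keys: keys}
	rand.Read(n.Nonce) // fresh nonce for each connection attempt
	return n
}

// Proofs returns, per configured key, HMAC(key, senderID || senderNonce || receiverNonce).
// All three fields are 32 bytes, so the concatenation is unambiguous.
func (n *Node) Proofs(senderID, senderNonce, receiverNonce []byte) (out [][]byte) {
	for _, k := range n.Keys {
		m := hmac.New(sha256.New, []byte(k))
		m.Write(bytes.Join([][]byte{senderID, senderNonce, receiverNonce}, nil))
		out = append(out, m.Sum(nil))
	}
	return out
}

// Accepts reports whether the peer's proofs show a key that we also hold.
func (n *Node) Accepts(peerID, peerNonce []byte, proofs [][]byte) (ok bool) {
	for _, want := range n.Proofs(peerID, peerNonce, n.Nonce) {
		for _, got := range proofs {
			ok = ok || hmac.Equal(want, got)
		}
	}
	return ok && !bytes.Equal(peerID, n.ID) // refuse our own proofs reflected back
}

func Peer(a, b *Node) bool { // peering needs both directions to pass
	return a.Accepts(b.ID, b.Nonce, b.Proofs(b.ID, b.Nonce, a.Nonce)) && b.Accepts(a.ID, a.Nonce, a.Proofs(a.ID, a.Nonce, b.Nonce))
}

func main() { // constructed nodes: home1 and home2 share "lan-key", the guest holds no common key
	fmt.Println(Peer(NewNode("home1", "lan-key"), NewNode("home2", "lan-key")), Peer(NewNode("home1", "lan-key"), NewNode("guest")))
}
```

Binding each proof to the sender's identity and to both nonces is what stops a node without the key from replaying or reflecting proofs it has observed.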
It would be very good to offer something like AllowedPublicKeys for the multicast-discovered peers as well.
Or maybe let's add a flag that indicates that `AllowedPublicKeys` should also apply for link-local discovered peers.
IPFS has something called "pnet", it works by having a PSK and then nodes encrypt all traffic to each other using that PSK after pushing it through some key extension algo and using that for a stream cipher, in addition to everything else, so that only nodes that have that PSK can talk to them and only those nodes can understand the traffic.
`AllowedPublicKeys` should also apply for link-local discovered peers. I'd argue this should have been the default
I like the pre-shared key authentication route a lot more as it ends up being easier to scale up with lots of private nodes who need to access one big peer. Having to add a new key to a whitelist is a pain at scale and an instrumenting that makes it less attractive to tunnel brokers.
Closing as we will have `?password=` on `Listen` and `Peer` entries in v0.5.
Yggdrasil can be easily set up as a private network - that is, only nodes one controls oneself are able to communicate with each other.
The limits on who to connect to, and where to accept connections from, help with this.
Unless, that is, you want to take advantage of LAN auto-discovery. Then, all it takes is a houseguest with Yggdrasil set up to access the mainnet and boom - all your machines are globally reachable too.
It would be very good to offer something like AllowedPublicKeys for the multicast-discovered peers as well.