Wes Young
2016-11-26 16:22:31 UTC
[i'm kinda sorta thinking out-loud here, seeing if this strikes a chord with anyone, see if i'm missing something stupid here..]
i'm wondering if anyone has examples (or war-stories) of this in the wild: distributing curve public keys outside of what the doc thus far spec's… the good, bad, ugly? short of posting them in a binary[1], or to a web page, maybe creating a public side channel (good ole REQ/REP) that hands out the key sorta like pgp.mit.edu does for GPG. let's also assume at this stage, you don't care who's on the network, just that the traffic is encrypted (push those other problems higher up the stack for the time being).
i've dug through some of the archives which talk a little about the theory between CA's and WoTs, thinking about this from a Zyre[2] perspective where it may be less easy to keep track of all the public keys. course if you've messed with zyre and/or gossip at all, one of the things that first pops to mind is setting a header for the gossip traffic that not only highlights the endpoint, but the public cert of that end-node.. which seems logical, just a matter if it's rational (again, if you don't care who's on the network) and where to bootstrap the initial gossip traffic (if you wanted to TLS gossip and the initial connection). this doesn't work well in beacon, but that may be a non issue for other reasons.
+ connect to initial gossip node via non gossip channel that hands you its public key
+ connect to gossip channel with public key (assume we've patched czmq to deal with this at the socket level)
+ work gossip through encrypted channel
+ pull down list of peers and each of their public keys
+ connect to peers directly since we have their public keys
i think some of the answers are contained within the 2015-January thread, just curious if there were more war-stories out there, what works, what doesn't, etc..
[1] http://lists.zeromq.org/mailman/private/zeromq-dev/2014-April/025394.html
http://lists.zeromq.org/mailman/private/zeromq-dev/2015-January/027703.html
http://lists.zeromq.org/mailman/private/zeromq-dev/2015-June/028551.html
[2] https://github.com/zeromq/pyre/issues/94
--
wes
wesyoung.me
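The bootstrap-then-gossip sequence in the post, as an added example that is not from the post nor from zyre/czmq: a pure-Python Z85 decoder (the encoding CURVE public keys are handed around in) plus a pinning store that only accepts gossip-advertised endpoint/key headers that are well-formed and do not contradict a key already pinned, so a key swap advertised for a known endpoint is refused instead of silently replacing the pin. The endpoints, keys, and the `curve-public-key` header field name are constructed assumptions.

```python
# Z85 alphabet from ZeroMQ RFC 32; a CURVE public key is 40 Z85 chars = 32 bytes.
Z85_ALPHABET = ("0123456789abcdefghijklmnopqrstuvwxyz"
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")
_Z85_INDEX = {c: i for i, c in enumerate(Z85_ALPHABET)}

def z85_decode(text):
    """Decode Z85 text: each 5-char group is one big-endian base-85 uint32."""
    if len(text) % 5:
        raise ValueError("Z85 length must be a multiple of 5")
    out = bytearray()
    for i in range(0, len(text), 5):
        value = 0
        for ch in text[i:i + 5]:
            if ch not in _Z85_INDEX:
                raise ValueError(f"invalid Z85 character {ch!r}")
            value = value * 85 + _Z85_INDEX[ch]
        if value > 0xFFFFFFFF:
            raise ValueError("Z85 group exceeds 32 bits")
        out += value.to_bytes(4, "big")
    return bytes(out)

def validate_curve_key(text):
    raw = z85_decode(text)  # accept only a well-formed 32-byte CURVE public key
    if len(raw) != 32:
        raise ValueError("CURVE public key must decode to 32 bytes")
    return raw

class PeerKeyStore:
    """One pinned public key per endpoint; a changed key is refused, not replaced."""
    def __init__(self, bootstrap_endpoint, bootstrap_key):
        # Assumed: bootstrap key shipped out of band (config), not trust-on-first-use.
        self.pins = {bootstrap_endpoint: validate_curve_key(bootstrap_key)}
    def learn(self, endpoint, key_text):
        """Pin a gossip-advertised (endpoint, key); False if malformed or conflicting."""
        try:
            key = validate_curve_key(key_text)
        except ValueError:
            return False
        return self.pins.setdefault(endpoint, key) == key

def ingest_gossip(store, headers):
    # Endpoints whose advertised keys the store accepted, i.e. safe to connect to.
    return [h["endpoint"] for h in headers
            if store.learn(h["endpoint"], h["curve-public-key"])]

BOOTSTRAP = ("tcp://10.0.0.1:5670", "HelloWorld" * 4)  # constructed, not a real key
SAMPLE_HEADERS = [  # constructed gossip headers: endpoint plus advertised key
    {"endpoint": "tcp://10.0.0.2:5670", "curve-public-key": "W0rldHello" * 4},
    {"endpoint": "tcp://10.0.0.1:5670", "curve-public-key": "W0rldHello" * 4},  # key swap
    {"endpoint": "tcp://10.0.0.3:5670", "curve-public-key": "not-a-key"},  # malformed
]
```

`ingest_gossip(PeerKeyStore(*BOOTSTRAP), SAMPLE_HEADERS)` yields only `tcp://10.0.0.2:5670`; the conflicting bootstrap key and the malformed key are dropped, which is the place to emit a log line worth alerting on.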