[zeromq-dev] curve public key distribution (and zyre?)

Wes Young wes at barely3am.com
Sat Nov 26 17:22:31 CET 2016


[i’m kinda sorta thinking out-loud here, seeing if this strikes a chord with anyone, see if i’m missing something stupid here..]

i’m wondering if anyone has examples (or war-stories) of this in the wild: distributing curve public keys outside of what the doc thus far specs… the good, bad, ugly? short of posting them in a binary[1], or to a web page, maybe creating a public side channel (good ole REQ/REP) that hands out the key sorta like pgp.mit.edu does for GPG. let’s also assume at this stage you don’t care who’s on the network, just that the traffic is encrypted (push those other problems higher up the stack for the time being).

i’ve dug through some of the archives which talk a little about the theory behind CAs and WoTs, thinking about this from a Zyre[2] perspective where it may be less easy to keep track of all the public keys. course if you’ve messed with zyre and/or gossip at all, one of the things that first pops to mind is setting a header for the gossip traffic that not only highlights the endpoint, but the public cert of that end-node.. which seems logical, just a matter of whether it’s rational (again, if you don’t care who’s on the network) and where to bootstrap the initial gossip traffic (if you wanted to TLS gossip and the initial connection). this doesn’t work well in beacon, but that may be a non-issue for other reasons.

+ connect to initial gossip node via non-gossip channel that hands you its public key
+ connect to gossip channel with public key (assume we’ve patched czmq to deal with this at the socket level)
+ work gossip through encrypted channel
+ pull down list of peers and each of their public keys
+ connect to peers directly since we have their public keys

i think some of the answers are contained within the 2015-January thread, just curious if there were more war-stories out there, what works, what doesn’t, etc..


[1] http://lists.zeromq.org/mailman/private/zeromq-dev/2014-April/025394.html
    http://lists.zeromq.org/mailman/private/zeromq-dev/2015-January/027703.html
    http://lists.zeromq.org/mailman/private/zeromq-dev/2015-June/028551.html

[2] https://github.com/zeromq/pyre/issues/94
--
wes
wesyoung.me
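The five bootstrap steps above, modelled as an added example (not code from the post, zyre, czmq or pyre): the Z85 encoder/decoder follows the ZeroMQ spec at https://rfc.zeromq.org/spec/32/, while `GossipAnnouncement`, `PeerDirectory` and `run_bootstrap` are hypothetical names of this example's own, no sockets are opened, and the keys are constructed random bytes standing in for real `zmq.curve_keypair()` output. What it adds to the thread is the check a client should run before dialling anything: a gossip header is only usable as a CURVE server key if it is exactly 40 Z85 characters decoding to 32 bytes, and a known node id that suddenly gossips a different key is recorded rather than silently rebound.

```python
"""Model of the CURVE key bootstrap sketched in the post (hypothetical helper
names; no sockets are opened). Z85 follows https://rfc.zeromq.org/spec/32/;
the peer-table logic is this example's own, not zyre's or czmq's."""
import secrets
from dataclasses import dataclass

Z85_CHARS = ("0123456789abcdefghijklmnopqrstuvwxyz"
             "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")
Z85_INDEX = {c: i for i, c in enumerate(Z85_CHARS)}


def z85_encode(data: bytes) -> str:
    """Encode a byte string whose length is a multiple of 4 (spec 32)."""
    if len(data) % 4:
        raise ValueError("Z85 input length must be a multiple of 4")
    out = []
    for i in range(0, len(data), 4):
        value = int.from_bytes(data[i:i + 4], "big")
        digits = []
        for _ in range(5):              # base-85 digits, least significant first
            digits.append(Z85_CHARS[value % 85])
            value //= 85
        out.extend(reversed(digits))
    return "".join(out)


def z85_decode(text: str) -> bytes:
    """Inverse of z85_encode; rejects bad characters and over-range groups."""
    if len(text) % 5:
        raise ValueError("Z85 text length must be a multiple of 5")
    out = bytearray()
    for i in range(0, len(text), 5):
        value = 0
        for ch in text[i:i + 5]:
            if ch not in Z85_INDEX:
                raise ValueError(f"invalid Z85 character {ch!r}")
            value = value * 85 + Z85_INDEX[ch]
        if value > 0xFFFFFFFF:          # e.g. "#####" does not fit in 4 bytes
            raise ValueError("Z85 group out of range")
        out += value.to_bytes(4, "big")
    return bytes(out)


def is_valid_curve_public_key(key: str) -> bool:
    """A CURVE public key is 32 raw bytes, i.e. exactly 40 Z85 characters."""
    if len(key) != 40:
        return False
    try:
        return len(z85_decode(key)) == 32
    except ValueError:
        return False


@dataclass(frozen=True)
class GossipAnnouncement:
    """One gossip entry: the post's idea of a header carrying endpoint + public key."""
    node_id: str
    endpoint: str
    public_key: str                     # Z85 text, as czmq/pyzmq tooling prints it


class PeerDirectory:
    """Peer table built from gossip; only peers with a valid key are ever dialled."""

    def __init__(self, bootstrap_id: str, bootstrap_endpoint: str, bootstrap_key: str):
        # Step 1 of the post: the bootstrap node's key arrives over a non-gossip
        # channel (REQ/REP key service, config file, ...). Validate before trusting it.
        if not is_valid_curve_public_key(bootstrap_key):
            raise ValueError("bootstrap key is not a 40-char Z85 CURVE public key")
        self.peers = {bootstrap_id: (bootstrap_endpoint, bootstrap_key)}
        self.rejected = []              # (announcement, reason) pairs, kept for review

    def ingest(self, ann: GossipAnnouncement) -> bool:
        """Steps 3-4: record an (endpoint, key) pair learned over the encrypted gossip channel."""
        if not is_valid_curve_public_key(ann.public_key):
            self.rejected.append((ann, "malformed key"))
            return False
        known = self.peers.get(ann.node_id)
        if known is not None and known[1] != ann.public_key:
            # Trust-on-first-use: a known id presenting a different key is logged,
            # not overwritten, so one bad announcement cannot rebind an existing peer.
            self.rejected.append((ann, "key changed for known node"))
            return False
        self.peers[ann.node_id] = (ann.endpoint, ann.public_key)
        return True

    def connect_plan(self):
        """Step 5: the (node_id, endpoint, server_key) triples a client would dial directly."""
        return sorted((nid, ep, key) for nid, (ep, key) in self.peers.items())


def constructed_key() -> str:
    """Constructed stand-in: 32 random bytes in Z85 (real code uses zmq.curve_keypair())."""
    return z85_encode(secrets.token_bytes(32))


def run_bootstrap() -> PeerDirectory:
    """Walk the post's five steps with constructed peers and return the resulting directory."""
    directory = PeerDirectory("boot", "tcp://10.0.0.1:5670", constructed_key())
    gossip = [                          # constructed announcements, as if read over gossip
        GossipAnnouncement("a", "tcp://10.0.0.2:5670", constructed_key()),
        GossipAnnouncement("b", "tcp://10.0.0.3:5670", constructed_key()),
        GossipAnnouncement("b", "tcp://10.0.0.9:5670", constructed_key()),  # conflicting key for "b"
        GossipAnnouncement("c", "tcp://10.0.0.4:5670", "not-a-key"),         # malformed header
    ]
    for ann in gossip:
        directory.ingest(ann)
    return directory


if __name__ == "__main__":
    d = run_bootstrap()
    for nid, ep, key in d.connect_plan():
        print(f"{nid:5} {ep:22} {key}")
    print("rejected:", [reason for _, reason in d.rejected])
```

Run as a script it prints the three dialable peers (boot, a, b) with their keys and the two rejected announcements. The Z85 check is the cheap part; what the model deliberately does not do is tell you who a peer is, which matches the post's assumption that identity is pushed up the stack.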


