Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft a spec to do Peer ID Authentication with Keying Material Exports for TLS #629

Open
MarcoPolo opened this issue Sep 4, 2024 · 0 comments
Labels
explorative descriptive and informational

Comments

@MarcoPolo
Copy link
Contributor

Meta and caveats:

This could serve as an alternative to our current TLS PeerID authentication scheme which uses certificate extensions to authenticate.

Pros:

  • This would allow us to easily use a standard CA issued certificate and still have PeerID authentication.
  • Use the same TLS cert for HTTP transport and stream transport.

Cons:

  • One more way of doing peerid authentication.
  • Will be subsumed once The Concealed HTTP Authentication Scheme is published (and available in browsers).
  • Still doesn't work in browsers. See HTTP PeerID Auth for something that does.

I'd recommend holding off on this for now and investing the energy from here into a spec that makes use of The Concealed HTTP Authentication Scheme.

@MarcoPolo MarcoPolo added the explorative descriptive and informational label Sep 4, 2024
@github-project-automation github-project-automation bot moved this to Triage in libp2p Specs Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
explorative descriptive and informational
Projects
Status: Triage
Development

No branches or pull requests

1 participant