-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encryption and Authentication proposal #147
Comments
There is ongoing work to add I2P support in both the node and wallet comms - see mimblewimble/grin#2712 |
@bddap are you still considering this? Could a similar approach be suitable for the p2p network as well? mimblewimble/grin#1420 |
I still think it's a useful addition and yes, it could work in p2p. It may be possible now to use rustls (without PKI) for this instead of noise. unfinished work on wallet tls listener. |
Going to close this issue now, as we've selected TOR as an optional dependency to handle these issues. |
Grin transactions are not encrypted by default, making them vulnerable to man in the middle attacks.
The proposed solution uses snow, an implementaion of the noise protocol framework, to provide mandatory encryption and mutual authentication for grin wallet communications. Both the connection initiator (client) and the responder (server) are authenticated by their public keys. Encrypted streams are implememented atop TCP. While the solution does not implement public key addressing, it is an incremental step towards that goal.
Readers are encouraged to provide feedback.
Proposed change
Encrypt OwnerApi and ForeignApi communications using noise protocol
Noise_XX_25519_ChaChaPoly_BLAKE2s
.Considerations
Serving apis over http benefits usability. Do we depricate the http apis?
Should communications outside of grin-wallet be encrypted as well?
Encrypted streams are difficult to implement without async/await support. My current encrypted streams implementation relies on async/await. grin-wallet targets stable Rust so a merge won't be possible until mid-August when Rust 1.37 becomes stable.
For encrypted transactions to become the de-facto standard, other implementations like Grin++ will need to implement them. Luckily, the noise protocol framework is implemented in multiple languages, including C.
Future steps
Alternatives
Proposed conventions
Wallet URL format, bikeshedding welcome :)
<PUBLIC-KEY>@{IP,DOMAIN}[:PORT]
has been proposed.The convention may become popular outside of grin and used for general purpose adressing. In that case "@" becomes a problem for email servers.
<PUBLIC-KEY>+{IP,DOMAIN}[:PORT]
or similar may be used to avoid potential conflict with email, ssh, etc.Potential usablility issue
Public keys are long:
5033dc859ac591cec7bc4a32a49db2c6c80794c334cb6e739eff74f5f4b9d20b@50.51.1.30:24345
Post-DHT upgrade
When it becomes possible to look up adresses by public key, IP becomes optional:
<PUBLIC-KEY>@{IP,DOMAIN}[:PORT]
-><PUBLIC-KEY>[@{IP,DOMAIN}[:PORT]]
.Related issues
Previous work
Request for feedback
If anyone wants to comment on these plans, please do. Make sure to tag @bddap on gitter or github.
I intend to start a WIP pr if this proposal is well accepted.
The text was updated successfully, but these errors were encountered: