question: Discovery using a static secret #3307
Replies: 1 comment 4 replies
-
|
As I understand your question you're effectively asking for some kind of shared-password authentication. Discovery is meant to map a NodeId to a contactable address of some sort, it is not intended to also solve authentication. Currently iroh does not offer anything about authentication, other than what the NodeId semantics give you (traffic is guaranteed to be with that NodeId and encrypted). Generally our advice currently is to implement authentication in your own protocol. You could for example let the connecting side send this password to the accepting side as the first message, and then you can accept or reject the rest of the connection. |
Beta Was this translation helpful? Give feedback.
-
|
Hmm ok, Can i use a static ID (of some sorts) to establish a connection (using that ID) to the server (assuming the client knows that ID) And that ID never changes? I guess having this ID included in the ALPN might work, although thats probably not the cleanest solution. |
Beta Was this translation helpful? Give feedback.
-
|
https://docs.rs/iroh/latest/iroh/endpoint/struct.Builder.html#method.secret_key allows you to keep your |
Beta Was this translation helpful? Give feedback.
-
|
The ALPN is one of the few pieces that is sent in clear text. You should not put any secrets in there. |
Beta Was this translation helpful? Give feedback.
-
That's what i was looking for! Thanks! |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
What is the best way to setup node discovery by using a static secret (like a string password), that should be persistent accross multiple sessions.
Is this possible using iroh's discovery mechanisms or would i need to run a seperate server that handles that.
Beta Was this translation helpful? Give feedback.
All reactions