libp2p + HTTP: Peer Authentication #481
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MarcoPolo
reviewed
Nov 21, 2022
|
|
||
| The client proves ownership of its private key by signing a value provided by the server. The server then issues an authentication token, which the client then sets as a header field on subsequent requests to the server. To allow the server to operate statelessly, it MAY encode the client’s peer ID into the authentication token. | ||
|
|
||
| TODO: specify endpoints and what exactly to sign. Or maybe there’s prior art we can reuse? |
There was a problem hiding this comment.
Haven't thought too much about this, but it would be great if we could use webauthn here
Merged
marten-seemann
commented
Jan 22, 2023
Comment on lines
+32
to
+36
| ### On-Demand Server Authentication | ||
|
|
||
| In order to learn and verify the server’s peer ID, the client MAY use a challenge-response protocol. The client issues a POST request to a predefined HTTP endpoint, and the server signs this value (concatenated to a const string) with its private key. It then transfers its public key and the signature to the client. | ||
|
|
||
| TODO: this is really straightforward, but we need to specify how exactly this works |
There was a problem hiding this comment.
This doesn't work for the reasons outlined in #508 (comment).
|
Closing this in favor of focusing on #508 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Building on a lot of discussions that happened prior to and during IPFS Camp, and with @MarcoPolo.