New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP: Peer ID Authentication #564
base: http
Are you sure you want to change the base?
Conversation
http/peer-id-auth.md
Outdated
|
||
1. The server initiates the authentication by responding to a request that must | ||
be authenticated with the response header `WWW-Authenticate: Libp2p-Challenge | ||
challenge="<base64-encoded-challenge>, Libp2p-Challenge-Server-Only"`. The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use structured fields here, or is this one of the legacy fields where retrofitting sf was too difficult?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's one of those legacy fields unfortunately. I did a version with sfv, but it was a bit too awkward.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Marco!
A few thoughts. I think we could split this into two flows: Libp2p-Challenge-Client
and Libp2p-Challenge-Server
and specify that they can be combined as necessary or used standalone.
I've update the spec with a couple changes:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! I've made a few more comments but this looks sound from my end :)
I've removed the peer id authentication scheme from the core spec of #508 for a couple reasons:
On 2, this is the first time we are doing a peer id auth scheme that relies on web PKI, and thus has slightly different security properties than what we've done in the past. Instead of tying a peer id to an underlying encrypted channel we are tying it to a domain name. If the client can't trust the domain name (e.g. has enterprise root CAs installed) then their connection can be mitmd. In practice I don't think this is a serious concern because: