This repository has been archived by the owner on Oct 13, 2022. It is now read-only.
deterministically generate certificates, to survive host reboots #2
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We can generate a (cryptographically secure) (pseudo-)random value from the host's private key as an input to our certificate generation mechanism.
Furthermore, we can set the validity period of the certificate such that it is independent from the boot time of the node.
This would allow us to generate certificates with deterministic (but still unpredictable) hashes, which means that our multiaddr (which includes the certificate hash) would survive reboots of the node, even if all state (except for the private key) is lost.
The text was updated successfully, but these errors were encountered: