New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Draft a spec to do Peer ID Authentication with Keying Material Exports for TLS #629

Open

MarcoPolo opened this issue Sep 4, 2024 · 0 comments

Labels

Contributor

MarcoPolo commented Sep 4, 2024

Meta and caveats:

Creating this issue to track my current thoughts here.
We may not even need/want this as we may prefer doing something with The Concealed HTTP Authentication Scheme.

This could serve as an alternative to our current TLS PeerID authentication scheme which uses certificate extensions to authenticate.

Pros:

This would allow us to easily use a standard CA issued certificate and still have PeerID authentication.
Use the same TLS cert for HTTP transport and stream transport.

Cons:

One more way of doing peerid authentication.
Will be subsumed once The Concealed HTTP Authentication Scheme is published (and available in browsers).
Still doesn't work in browsers. See HTTP PeerID Auth for something that does.

I'd recommend holding off on this for now and investing the energy from here into a spec that makes use of The Concealed HTTP Authentication Scheme.

MarcoPolo added the explorative label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment