Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add authentication for client capabilities. #16

Closed
2 tasks
lthibault opened this issue Apr 21, 2022 · 2 comments
Closed
2 tasks

Add authentication for client capabilities. #16

lthibault opened this issue Apr 21, 2022 · 2 comments
Assignees
@lthibault
Labels
enhancement New feature or request security Has security implications
Milestone
v0.1.0

Comments

@lthibault
Copy link
Collaborator

This is a two-part task:

  • Design capability authentication protocol
  • Consider collapsing per-capability protocol.IDs into a single endpoint.

Capability Authentication

// TODO ...

protocol.ID and RPC Considerations

Splitting capabilities into their own protocol.ID endpoints is expected to have a measurable impact on performance. However, this warrants an investigation into security implications.

Pro

  • Per-object flow-control
  • Per-object transport streams can improve performance (esp. w/ QUIC)
  • Modularity at the libp2p level

Con

  • Requires per-capability authentication
    • Increases size of ambient-auth <--> capability boundary
    • But perhaps we can mitigate this by reusing exactly the same auth code for each stream?
@lthibault lthibault added enhancement New feature or request security Has security implications labels Apr 21, 2022
@lthibault lthibault added this to the 0.1.0 Public Beta Release milestone Apr 21, 2022
@lthibault lthibault self-assigned this Apr 21, 2022
@lthibault lthibault mentioned this issue Jul 7, 2022
Closed
@lthibault lthibault mentioned this issue Jul 15, 2022
Open
@lthibault
Copy link
Collaborator Author

https://github.com/wetware/ww/issues/40#issuecomment-1185737085 argues against per-capability protocol handlers.

@lthibault lthibault mentioned this issue Aug 11, 2023
Closed
@lthibault
Copy link
Collaborator Author

Implemented in v0.1.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lthibault lthibault

Labels
enhancement New feature or request security Has security implications
Projects
None yet
Milestone
v0.1.0
Development

No branches or pull requests
1 participant
@lthibault