Implement registration function#29
Conversation
vqhuy
commented
Jul 22, 2016
vqhuy
commented
- Should resolve Implement registration #28
There was a problem hiding this comment.
This file should be in server/, no?
There was a problem hiding this comment.
My intention is it just a sample usage of the library.
There was a problem hiding this comment.
Ok, then please rename it to main.example.go or some such, and add a comment at the top of the file indicating the intention.
There was a problem hiding this comment.
I still think it should be in server/ though, since it's a sample usage of this package.
Also, the server/README.md seems to describe it that way.
There was a problem hiding this comment.
The layering approach is also interesting and I can be convinced of it.
I think there's a little more layering we can do, though I agree that any server executable we build should be considered to be a reference implementation. Other developers might want to have a different server architecture, and we should allow for that. As @c633 and I had originally thought, I think the protocols package should also include a high-level API for the CONIKS protocols and transparency operations: registration, lookups, key changes, updating the directory and generating (and publishing) new STRs, all of these with the option to store them to a DB. The handlers in the reference implementation could then simply use this API. How does this sound?
But how I originally thought about these was that they'd be separate processes, and the server would only accept registrations from the privileged places (ie. only registrations from localhost)
Also agree on this one. This also just seems like a configuration in the server, no?
There was a problem hiding this comment.
But how I originally thought about these was that they'd be separate processes, and the server would only accept registrations from the privileged places (ie. only registrations from localhost)
I would like to count @liamsi in, since we all agree on this.
This also just seems like a configuration in the server, no?
I don't think so, since the server also has to accept lookup requests, too. I just have only 2 solutions for this:
-
We can check if the registration requests are originated from the localhost or not. (something like
conn.RemoteAddr() == conn.LocalAddr()). But I don't know whether there is any type of attacks that can fake the remote address? -
Sign the request with registration bot's private key, and the key server verifies the request using the bot's public key. This way, the bot and the key server can run on 2 separated machines.
What do you think?
There was a problem hiding this comment.
But how I originally thought about these was that they'd be separate processes, and the server would only accept registrations from the privileged places (ie. only registrations from localhost)
I would like to count @liamsi in, since we all agree on this.
I also thought about it in exactly this way. But I also agree on the security concerns @c633 raised below.
We can check if the registration requests are originated from the localhost or not. (something like conn.RemoteAddr() == conn.LocalAddr()). But I don't know whether there is any type of attacks that can fake the remote address?
I fear this alone doesn't give you any reasonable security. We have to find ways to additionally secure that (firewall/network setup, TLS). But all this makes only sense if we want both processes also to be able to run on different machines (on the same machine they could use other means to communicate with each other).
There was a problem hiding this comment.
I fear this alone doesn't give you any reasonable security. We have to find ways to additionally secure that (firewall/network setup, TLS). But all this makes only sense if we want both processes also to be able to run on different machines (on the same machine they could use other means to communicate with each other).
That's why I suggest the 2) option.
There was a problem hiding this comment.
I had assumed we'd accept registrations on a separate port, and have the firewall restrict access to it. But 2) is also a viable option. Does anyone have a strong preference?
vqhuy
force-pushed
the
server-registration
branch
from
07f39af to
e731ef9
Compare
There was a problem hiding this comment.
Should I put it into a sub-directory, namely bin? /cc @masomel
There was a problem hiding this comment.
Isn't bin conventionally the place where compiled binaries are placed? Maybe naming the package something like keyserver or coniksServer would be more descriptive.
There was a problem hiding this comment.
If so, I would move all the source files except main.example.go into coniksserver subpackage.
Never mind. I got your idea.
vqhuy
changed the title
There was a problem hiding this comment.
If we split the reusable server code and the executable implementation into separate packages, I would include this module in the "reusable" package.
There was a problem hiding this comment.
Looks like this is being discussed as part of the #29 (comment) thread.
There was a problem hiding this comment.
I think it is done in 78db200a2a10b46ece5c5a973d384e3bbe330921
vqhuy
force-pushed
the
server-registration
branch
from
fd73f1c to
8be171f
Compare
There was a problem hiding this comment.
Now that we've split up the code, I think the description here should be something like "Key server executable" or "Key server reference implementation".
vqhuy
force-pushed
the
server-registration
branch
4 times, most recently
from
a6c0c26 to
8e1b496
Compare
There was a problem hiding this comment.
Seems like you're cutting off just one letter from directorSize. If you want to abbreviate, maybe just call it something like dirSize?
There was a problem hiding this comment.
Oh sorry. :(
Btw, dirSize sounds good!
| signKey sign.PrivateKey, dirSize uint64, | ||
| useTBs bool, capacity uint64) *ConiksDirectory { | ||
| d := new(ConiksDirectory) | ||
| d.policies = merkletree.NewPolicies(epDeadline, vrfKey) |
There was a problem hiding this comment.
d.SetPolicies(epDeadline, vrfKey)
|
This pull is very big and unwieldy. I think you should break it up into a few new pulls,
Then we can close this conversation with 180+ comments that's threatening to crash my browser. |
|
Thanks for all your feedback so far! I'm working on this!
Yes, I totally agree!
Me too. That's my bad. I'm sorry! |
One more question, are we going to wait to open this pull after the protocol pull is merged? It seems only pulls for the protocol and the policy/util stuff were created. |
4 participants
