syndicate-storage/syndicate

Leverage OpenCloud public keys for distributing Syndicate slice secrets

Closed this issue · 4 comments

As part of beta, syndicated.py pulls its shared slice secret directly from OpenCloud, and it gets sent in the clear. This is obviously insecure.

We don't yet know what the public-key infrastructure for OpenCloud will be like.

  • If there is a sliver-specific key pair, then the Syndicate Observer should encrypt the sliver credentials with it. Syndicated.py should look up the sliver private key to decrypt it.
  • If there is a slice-specific key pair, then the Syndicate Observer should encrypt the slice credentials with it. Syndicated.py should look up the slice private key to decrypt it.
  • If there is a node-specific key pair, then the Syndicate Observer should encrypt the sliver credentials with it. Syndicated.py should look up the node private key to decrypt it.

ASIDE: what I think should happen is there should be a node key pair, with the public key registered to OpenCloud. Upon instantiation, the sliver should generate a key pair, and send the public key signed by the node private key to OpenCloud, for other services (like the Syndicate Observer) to look it up.
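
The key flow proposed in the aside above, sketched as an added example that is not part of the original issue or the Syndicate code base: the node key signs a sliver-generated public key, the Observer checks that signature before encrypting the slice secret, and the sliver decrypts it. The type and function names, the use of Ed25519 for the node key and RSA-OAEP for the sliver key, and the sample secret are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Registration struct { // hypothetical record the sliver publishes to OpenCloud
	SliverPubDER []byte // PKCS#1 RSA public key generated inside the sliver
	NodeSig      []byte // Ed25519 signature by the node key over SliverPubDER
}

// InstantiateSliver generates the sliver key pair and has the node key sign the public half.
func InstantiateSliver(nodePriv ed25519.PrivateKey) (*rsa.PrivateKey, Registration, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, Registration{}, err
	}
	der := x509.MarshalPKCS1PublicKey(&priv.PublicKey)
	return priv, Registration{SliverPubDER: der, NodeSig: ed25519.Sign(nodePriv, der)}, nil
}

// SealSecret is the Observer side: refuse keys the registered node key did not sign, then encrypt.
func SealSecret(nodePub ed25519.PublicKey, reg Registration, secret []byte) ([]byte, error) {
	if !ed25519.Verify(nodePub, reg.SliverPubDER, reg.NodeSig) {
		return nil, fmt.Errorf("sliver key is not signed by the registered node key")
	}
	pub, err := x509.ParsePKCS1PublicKey(reg.SliverPubDER)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, []byte("slice-secret"))
}

// OpenSecret is the sliver side (the role syndicated.py plays): decrypt with the sliver private key.
func OpenSecret(sliverPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, sliverPriv, ct, []byte("slice-secret"))
}

func main() {
	nodePub, nodePriv, _ := ed25519.GenerateKey(rand.Reader)
	sliverPriv, reg, _ := InstantiateSliver(nodePriv)
	ct, _ := SealSecret(nodePub, reg, []byte("constructed-secret")) // constructed sample value
	pt, err := OpenSecret(sliverPriv, ct)
	fmt.Println(string(pt), err)
}
```

The node signature in this sketch covers only the key bytes; a deployment would also bind a sliver identifier into the signed message so one sliver's registration cannot be presented as another's.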

We can do better: Leverage Passcards and a cryptocurrency miner to do this instead.

Yes, that'd be awesome!

We'll deploy Blockstack DNS at each site.

The automounter now has a pluggable interface for handling multiple different authentication mechanisms. Will go ahead and close this here, and deal with this particular issue on the automounter issue tracker.