DATE TBD Meeting notes: COMMS certificates


Jan 8, 2019


  • @Kelly Foster

  • @Tomáš Virtus

  • @Pawel Szulc (Unlicensed)

  • @Sebastian Bach

  • @Former user (Deleted)

  • @Lucius Meredith


A discussion about why we use a certificate for TLS in the COMMS layer that is different from the key used for Casper verification came out of the 20180108 community test. Decision at the end of the testing debrief was to continue the conversation at another time and to review notes from previous related discussions before recommending on a change (ex keep or remove TLS).

Discussion topics





Docs from the past related to this conversation

Paste from Discord conversation

wokyToday at 9:45 AM
Continuing from discussion: I think it'd be best to go with custom encryption using NaCl. NaCl provides primitives we can trust (don't quote me on that). Many concept from TLS don't map to RChain.
Though AFAIR gRPC uses HTTP/2 which depends on TLS.
sebastianToday at 9:56 AM
TLS is not required in gRPC. We can exchange messages without encryption
wokyToday at 9:56 AM
Wikipedia says it uses HTTP/2 for transport.
sebastianToday at 9:57 AM
yes. But HTTP/2 is not TLS
wokyToday at 9:57 AM
But TLS is mandatory for HTTP/2 AFAIK
sebastianToday at 9:57 AM
is it?
2 (two) is a number, numeral, and glyph. It is the natural number following 1 and preceding 3.
wokyToday at 9:59 AM
It is de facto mandatory it seems.
Sebastian today at 9:59 AM
wokyToday at 9:59 AM
Yeah, but then it'd make more sense to use TLS for gRPC and not invent custom ... TLS
sebastianToday at 9:59 AM
but this is only true for browsers
wokyToday at 10:00 AM
We were discussing lack of certificate checking in post-test-session meeting.
sebastianToday at 10:00 AM
we can transport encrypted messages over not encrypted http
but this would only make sense for packets
other messages wouldn't get encrypted at all
wokyToday at 10:03 AM
Is it a worry that Kademlia is unencryted?
If someone is monitoring your network she can find destination of your outgoing packets anyway.
sebastianToday at 10:04 AM
no, it's only used for a discovery of other nodes(edited)
wokyToday at 10:05 AM
So it only make sense to encrypt gRPC traffic to achieve confidentiality of your interaction in network. But then, anyone can join the network.
sebastianToday at 10:07 AM
yes, anyone can join the network. But we validate certificates at RChain protocol level when connecting two nodes
wokyToday at 10:07 AM
Still, TLS can be intercepted.
Or not?
sebastianToday at 10:07 AM
no really, because we require that the CN in the certificate is the node id
wokyToday at 10:08 AM
What prevents me from making my own node id and forward traffic between victim and network?
sebastianToday at 10:09 AM
and the id of the node is the public key of the certificate
wokyToday at 10:09 AM
I can create my certificate like this and still intercept traffic.
Only difference is that my node will be seen on network with different ID.
Than ID of the victim.
sebastianToday at 10:10 AM
no, if I want to connect to node with id abc then you can't create a certificate that produces abc without having the private key
but the problem is that the certificate is meaningless. The private key of the cert is not used in the blockchain
it's not the validators secret key
wokyToday at 10:13 AM
Hmm. Good point. Let me think about that. :smiley:(edited)
sebastianToday at 10:14 AM
so you can't intercept the communication between two nodes. But you can create some certificate and participate in the communication :smiley:
wokyToday at 10:15 AM
Node ID is the hash of the public key, right?
sebastianToday at 10:15 AM
we had once this dream, that we would use the validator private key as the certificate private key
wokyToday at 10:16 AM
Well then, if I intercept Kademlia, I can send you fake Node IDs.(edited)
sebastianToday at 10:16 AM
what does fake mean?(edited)
wokyToday at 10:17 AM
I mean IDs of certificates I generate. But I'm now a little bit confused...
sebastianToday at 10:17 AM
you can send me node ids of your evil nodes
and the communication with these evil nodes will be secure. whatever that means :smile:(edited)
wokyToday at 10:18 AM
Well, I'll be standing in the middle, so I'll create you illusion of network via Kademlia, decrypt gRPC traffic (sicne I sent you fake node IDs corresponding to my certificates), and forward your traffic to real nodes. Sure I won't be able to modify traffic since integrity is handled by Casper, by I'll see your interaction.(edited)
sebastianToday at 10:19 AM
yes, you can participate in the network. There is no anonymity
wokyToday at 10:19 AM
That's what I'm thinking. If everyone will see what you do if they're in network anyway, what's the point of encrypting traffic?
sebastianToday at 10:20 AM
yes, that's right. Encryption is useless if anyone can participate
there is no concept of trusted nodes in RChain. And I believe there will never be one(edited)
this is the price of decentralization
wokyToday at 10:22 AM
I'm not saying that's bad. But I hate those damn IDs in node URLs. They're useless. :smiley:
sebastianToday at 10:23 AM
it`s like you would say that domain names are useless
wokyToday at 10:24 AM
Well, domain names are (/ can be) at least readable. These IDs correspond to public keys whose existence is meaningless.(edited)
sebastianToday at 10:25 AM
if Casper guarantees the integrity of messages then we can drop TLS and the long URLs
wokyToday at 10:25 AM
Sure it'd be great to have some kind of decentralized DNS, but our IDs are nothing like it.
sebastianToday at 10:27 AM
but on the other hand. Maybe later RChain will support KYC and registered public keys. Then it would make sense to keep the current system
wokyToday at 10:27 AM
But you can prove your identity already with validator keys.
sebastianToday at 10:27 AM
it's then like public keys in SSH
wokyToday at 10:27 AM
But why another keypair?
sebastianToday at 10:28 AM
as I said, I would love to use the validator key for TLS :smiley:
wokyToday at 10:28 AM
but haven't we just agreed, that TLS is pointless in our case?(edited)
sebastianToday at 10:29 AM
at this moment it seems pointless. But I don't know all future use cases
wokyToday at 10:30 AM
That's like keeping random code in your codebase in case an use case comes for it in future.
sebastianToday at 10:32 AM
I need to discuss this with @pawel tomorrow
Have to go now
wokyToday at 10:32 AM
In other words, since it doesn't work now, it'd be better to come up with something that works in future rather than to keep it and try to fix it when need for confidentiality arrives.(edited)
sebastianToday at 10:35 AM
I believe we need to discuss this also with @Kent and Greg
KentToday at 10:40 AM

if Casper guarantees the integrity of messages then we can drop TLS and the long URLs

Yeah it does. I think TLS might be useful for a far-future feature of node reputation at the comm level.

Action items