Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: key derivation for libp2p identities #28

Merged
merged 3 commits into from
Oct 18, 2023
Merged

Feat: key derivation for libp2p identities #28

merged 3 commits into from
Oct 18, 2023

Conversation

hsanjuan
Copy link
Contributor

Keeping track of identities when setting up gateways is a pain.

This allows choosing a single secret for all gateways in a deployment, and then deriving individual keys based on a given index. It also allows painless key rotation.

Once we add bootstrap/peering capabilities, this functionality will be extended and gateways will generate peer IDs for other gateways, look them up on the DHT and peer with them automatically. That is, we will use the DHT for service discovery, skipping manual peering configuration altogether.

Keeping track of identities when setting up gateways is a pain.

This allows choosing a single secret for all gateways in a deployment, and
then deriving individual keys based on a given index. It also allows painless
key rotation.

Once we add bootstrap/peering capabilities, this functionality will be
extended and gateways will generate peer IDs for other gateways, look them up
on the DHT and peer with them automatically. That is, we will use the DHT for
service discovery, skipping manual peering configuration altogether.
@hsanjuan hsanjuan self-assigned this Oct 17, 2023
@hsanjuan hsanjuan requested a review from aschmahmann October 17, 2023 10:10
keys.go Outdated Show resolved Hide resolved
Copy link

@AnomalRoil AnomalRoil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

keys.go Show resolved Hide resolved
keys.go Show resolved Hide resolved
main.go Show resolved Hide resolved
main.go Show resolved Hide resolved
@hsanjuan
Copy link
Contributor Author

Per convo with @aschmahmann on "why would you do this???":

  • The first and foremost reason is to simplify configuration management of a set of gateways by having a single secret to manage them all.
  • To his follow up question: "you don't need even that, they could have perfectly random ephemeral IDs which is even less configuration":
    • Yes, and that is supported with the semi-ephemeral libp2p.key file.
    • But having persistent IDs allows:
      • To have stable peering arrangements (as needed) with other parties/parts of the infra
      • To have auto-peering among members of the gateway set (in the future) by leveraging routing information in the DHT for known PeerIDs.
        • This allows us to, for example, build a distributed quota management system on top.

Sure there are other ways and you could get away without stable peer IDs but key-derivation is a good compromise between not having stable peer IDs at all and needing to configure each machine individually and track keys all over the place.

@hsanjuan hsanjuan merged commit e06e453 into main Oct 18, 2023
9 checks passed
@hsanjuan hsanjuan deleted the key-derivation branch October 18, 2023 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants