go-libp2p
feat: make certificate validation / creation configurable
This enables creation of private LibP2P networks over QUIC. This is beneficial since QUIC does not support pnet #1432 and it also enables unique authentication schemes. It also enables peers to establish a chain of trust with each other.
Can you explain how it enables Pnet? Looks like you'll run into this specific problem: https://github.com/libp2p/go-libp2p/issues/1432#issuecomment-1106666968
This doesn't directly implement the Pnet protocol. However, it does enable the same use-case of being able to create a private network of LibP2P peers with a pre-shared key.
In its present form, allowing arbitrary TLS configuration, this will be too much of a maintenance burden. I am willing to review / maintain a solution that works for: https://github.com/libp2p/specs/issues/489
Note, the problem with signing certificates with psk is that you now have to protect the psk as well as all the TLS private keys that are produced, since compromising the signed certificate & the private key will allow anyone to join the private network. See: https://github.com/libp2p/go-libp2p/issues/1432#issuecomment-1106666968
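The point raised in the last comment, as an added example that is not part of the PR or the thread: once a certificate has been signed with PSK-derived material, holding that certificate and its private key is enough to be admitted, with no knowledge of the PSK. The signing scheme (an Ed25519 key seeded from SHA-256 of the PSK), the function names, and the signed nonce standing in for the TLS handshake's key proof are assumptions; the sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caKey derives the network signing key from the PSK (assumed scheme, not taken from the PR).
func caKey(psk []byte) ed25519.PrivateKey {
	seed := sha256.Sum256(psk)
	return ed25519.NewKeyFromSeed(seed[:])
}

// issueLeaf is the only step that needs the PSK: it certifies a node's public key.
func issueLeaf(psk []byte, pub ed25519.PublicKey) ([]byte, error) {
	now := time.Now()
	leaf := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: "node"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "pnet-psk"}}
	return x509.CreateCertificate(rand.Reader, leaf, issuer, pub, caKey(psk))
}

// admit checks the PSK-key signature, validity, and a signed nonce standing in for TLS key proof.
func admit(psk, leafDER, nonce, sig []byte) bool {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil || time.Now().Before(leaf.NotBefore) || time.Now().After(leaf.NotAfter) {
		return false
	}
	pub, ok := leaf.PublicKey.(ed25519.PublicKey)
	caPub := caKey(psk).Public().(ed25519.PublicKey)
	return ok && leaf.SignatureAlgorithm == x509.PureEd25519 &&
		ed25519.Verify(caPub, leaf.RawTBSCertificate, leaf.Signature) && ed25519.Verify(pub, nonce, sig)
}

func main() {
	psk, nonce := []byte("constructed-demo-psk"), []byte("constructed-nonce")
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	leaf, err := issueLeaf(psk, pub)
	// Nothing below uses the PSK on the joining side: leaf plus priv is the whole credential.
	fmt.Println(err, admit(psk, leaf, nonce, ed25519.Sign(priv, nonce)))
}
```

Every issued certificate and key pair is therefore a standing credential for the network until it expires, which is why both it and the PSK have to be protected.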