Skip to content

Instantly share code, notes, and snippets.

@binki

binki/MANIFESTO.md

Last active April 16, 2017 03:25
Show Gist options
  • Save binki/08b365ad6bbd1d8c84dec0a00bcc8ceb to your computer and use it in GitHub Desktop.
Save binki/08b365ad6bbd1d8c84dec0a00bcc8ceb to your computer and use it in GitHub Desktop.
Download ZIP
#retrobox remote includes magical linking manifesto
Raw
MANIFESTO.md

Goals

Clients trust server certificates.

No more self-sighed certs. Use something like LetsEncrypt.

Use “mesh” topology

We currently have “star” topology. That means that when my server goes down everyone suffers. If when my server goes down, other servers could just directly connect to each other we could eliminate one style of netsplit. This would also recover from different situations better. Essentially, we would eliminate a single point of failure in the system—the “hub”

However, if networks happen correctly, this could result in all traffic being routed through a homeserver (beige-box.com) or bouncing back and forth between hemispheres ( ` seriocomicrhetoric <-> supertools <-> ohnopub binki).

Be secure enough for binki

Simply using sslclientcert auth has so many advantages over other modes of authentication in unrealircd. You can publish your links.conf without revealing any compromising information. You are not subject to certain modes of MITM (e.g., with pre-shared password auth if a man in the middle appears you’ll just tell him your password whereas with TLS cert auth, according to mathematicians, you will not give the man in the middle any ability to impersonate you by trying to authenticate against it and verify it (which should fail)).

Unfortunately, this has various impliciations and makes the whole management of the remote includes repository harder.

Shelved Goals

DNS Round Robin.

Doing this simply would be a problem of wanting all servers to have X.509 certificates with the same Common Name. This is an issue for various reasons. We’d either have to copy keys or do the LE manual process (does it have an equivalent to CSR on server, copy to RI system)

That is dirty anyway. Instead have one person manage certs in their own infra internally (i.e., soulman) which just issues redirect to connecting IRC clients to tell them to connect to a particular server. E.g., you connect to irc.anarchyirc.com, get one of two servers, and are told to connect to irc.ohnopub.net or supertools.coffee or whatever. Then each server can have its own identity and do its own LetsEncrypt stuff.

Current Solution

Server does this when getting new cert:

  1. run certbot thing via cron
  2. run post-new-cert script which does some curl command to give Remote Includes repo new cert

Use curl’s POST spuport to give both updated certificate and a per-server “API key” file. Right now it is considered unavoidable that the Remote Includes repository will need to have some way of decentralizing itself so that this can be more likely to succeed. Basically, the Remote Includes thing will accept the cert, rewrite the links.conf, and issue network-wide REHASH. How to make that semi-centralized thing decentralized? Is it too overcomplicatd to make it use git for the raw data so that if you have multiple RI server nodes they can be updated concurrently and automatically merge (as long as the data is carefully stored in an explicitly mergable format)? Maybe. That’s all I can think of though for now.

Meeting

Next meeting after binki comes up with a Proof of Concept will be 2017-04-21T01:00Z (2017-04-20T21:00 EDT).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment