So I was going over this with Michal today and it’s very interesting: how do we handle the task of securing the exit and peer-to-peer endpoints? Do we even need to?
As a quick introduction, we have a series of HTTP endpoints that we use for most communication; in fact we use them for everything that’s not Babel or our initial peer discovery, which by definition needs UDP to be multicast. For the peer-to-peer uses of these sockets (the hello message essentially, and later payment messages) security is questionably needed at all.
For the hellos we can generally assume that if you’re on a broadcast domain you can’t reliably MITM (since it would just hear both messages), and even then being the man in the middle of two peers doesn’t provide any advantage over just forwarding the traffic yourself. The worst case scenario here is some sort of payment MITM, but payments should go over the encrypted per-hop tunnel. I’m not even sure how payment MITM would be profitable except as maybe a trust rating thing.
The question occurs to me that we may want to secure all of our API calls as a matter of principle, simply because ‘it should go over a tunnel’ is something that you usually end up screwing up. There’s no reason to turn a traffic data leak into a payment hijacking vulnerability if we don’t have to.
The real and immediate issue here is the exits. We pre-exchange an exit’s WireGuard key and its Eth key, but ideally we would reduce the amount of configuration for the exit to just its mesh IP, or even some sort of domain name that we could resolve to a mesh IP. There’s also the matter of signup info (currently email) and the internal exit IP that get sent back over cleartext HTTP. It’s not good practice even in our isolated testing meshnets.
The options available to us are:
- Sign everything ourselves with the Eth key or WireGuard key
- Self-signed HTTPS where we figure out key exchange
- ‘Real’ HTTPS where we somehow have both the exit IP and a ‘real’ domain name to verify against
In all of these we have to deal with some sort of pre-exchanged info; the question is what, and how easy it is to manage.
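As an added example (not code from this post or from the project), here is what the first option looks like in Go: every API message is signed with a key the peer already has, so a cleartext HTTP signup message cannot be altered or replayed without detection. Ed25519 stands in for the Eth or WireGuard key the post names, and the message shape, field names and the timestamp window are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"time"
)

// ExitSignup stands in for the signup / exit-ip message the post says currently
// travels as cleartext HTTP (constructed shape, not the project's real struct).
type ExitSignup struct {
	MeshIP string `json:"mesh_ip"`
	Email  string `json:"email"`
	Unix   int64  `json:"unix"` // sender clock; bounds how long a captured copy can be replayed
}

// Signed is the on-wire envelope: the serialized body plus a detached signature.
type Signed struct {
	Body []byte `json:"body"`
	Sig  []byte `json:"sig"`
}

// Sign serializes msg and signs the exact bytes that go on the wire.
func Sign(priv ed25519.PrivateKey, msg ExitSignup) (Signed, error) {
	body, err := json.Marshal(msg)
	if err != nil {
		return Signed{}, err
	}
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// Verify checks the signature against the pre-exchanged public key before
// parsing anything; a modified byte or a stale timestamp is rejected.
func Verify(pub ed25519.PublicKey, s Signed, now time.Time, maxSkew time.Duration) (ExitSignup, error) {
	if !ed25519.Verify(pub, s.Body, s.Sig) {
		return ExitSignup{}, errors.New("signature does not match peer key")
	}
	var msg ExitSignup
	if err := json.Unmarshal(s.Body, &msg); err != nil {
		return ExitSignup{}, err
	}
	if age := now.Sub(time.Unix(msg.Unix, 0)); age > maxSkew || age < -maxSkew {
		return ExitSignup{}, errors.New("timestamp outside replay window")
	}
	return msg, nil
}
```

The only pre-exchanged item this needs is the peer's public key, which is exactly the configuration burden the post is weighing against the two HTTPS options.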