Add support for secure connection to hub #7765

Open
opened 2023-10-01 14:31:44 +02:00 by ben221199 · 1 comment
ben221199 commented 2023-10-01 14:31:44 +02:00 (Migrated from github.com)

At the moment, the SPV servers and LBRY Desktop only support plain text connections. However, for technical reasons, but also for security reasons, I think it should be a good practice if we add support for secure connections to the wallet server on port 50002. The reasons I see are:

  • Secure connections are (mostly) able to use SNI, which (in my case) can be used for some technical tricks
  • Secure connections prevent others (e.g. the government) from spying on which videos we have watched
  • MITM attacks will not be possible or at least be harder to do.

https://github.com/lbryio/lbry-desktop/blob/d14c9141db0bfa2db9b5dcf78fcaa72912cc767a/ui/component/settingWalletServer/internal/inputRow.jsx#L51

I think it is best to start making all the LBRY clients compatible with secure connections already, so that platforms which already provide secure servers can add them; after that, we can focus on upgrading the LBRY servers to a secure version too.

Note: I'm not advocating for dropping plaintext and 50001. I think we should keep that one too.

ben221199 commented 2023-10-01 15:01:37 +02:00 (Migrated from github.com)

My suggestion for UI change is:

  • Add selector with options `TCP` (the default) and `SSL/TLS`.
  • Keep the host field, but add support for IPv6.
  • Make the port field optional. The default port (and placeholder) for TCP is `50001` and the default port (and placeholder) for SSL/TLS is `50002`.

The other option is to make it just one field where you can enter in the form `hostOrIP:port` (TCP), `tcp://hostOrIP:port` (TCP), `ssl://hostOrIP:port` and `tls://hostOrIP:port`. Note that in this case, IPv6 addresses should definitely go between `[` and `]`.

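An added example, not part of the original comment or of LBRY Desktop's code: one way to parse the single-field form proposed above, failing closed on an unknown scheme instead of falling back to plaintext. The function name `parseWalletServer`, the returned field names and the sample hosts are assumptions.

```javascript
// Added example, not LBRY Desktop code. Names below are hypothetical; the
// default ports (50001 plaintext, 50002 TLS) are the ones proposed in the comment.
const DEFAULT_PORTS = { tcp: 50001, tls: 50002 };

function parseWalletServer(input) {
  // Optional scheme: none or tcp:// is plaintext; ssl:// and tls:// both mean TLS.
  const m = /^(?:([a-z]+):\/\/)?(.*)$/is.exec(String(input).trim());
  const scheme = (m[1] || 'tcp').toLowerCase();
  // Fail closed: an unknown or mistyped scheme must not silently become plaintext.
  if (!['tcp', 'ssl', 'tls'].includes(scheme)) throw new Error(`unsupported scheme: ${scheme}`);
  const transport = scheme === 'tcp' ? 'tcp' : 'tls';

  const rest = m[2];
  let host, portText;
  if (rest.startsWith('[')) {
    // IPv6 literal between [ and ], optionally followed by :port.
    const end = rest.indexOf(']');
    if (end === -1) throw new Error('missing ] after IPv6 address');
    host = rest.slice(1, end);
    if (!/^[0-9a-f:.]+$/i.test(host) || !host.includes(':')) throw new Error('invalid IPv6 address');
    const tail = rest.slice(end + 1);
    if (tail !== '' && !tail.startsWith(':')) throw new Error('unexpected text after ]');
    if (tail !== '') portText = tail.slice(1);
  } else {
    // Hostname or IPv4: at most one colon, otherwise it is an unbracketed IPv6 address.
    const parts = rest.split(':');
    if (parts.length > 2) throw new Error('IPv6 addresses must be written between [ and ]');
    [host, portText] = parts;
    if (!/^[a-z0-9.-]+$/i.test(host)) throw new Error('invalid host');
  }

  let port = DEFAULT_PORTS[transport]; // the port is optional
  if (portText !== undefined) {
    if (!/^\d{1,5}$/.test(portText)) throw new Error('invalid port');
    port = Number(portText);
    if (port < 1 || port > 65535) throw new Error('port out of range');
  }
  return { transport, host, port };
}

// Constructed sample inputs (not real servers).
for (const s of ['wallet.example.com', 'ssl://wallet.example.com', 'tls://[2001:db8::1]:6000']) {
  console.log(s, '->', JSON.stringify(parseWalletServer(s)));
}
```

The caller decides between a plain socket and a TLS socket from the returned `transport` value, so a rejected input never results in an unencrypted connection by accident.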
Reference: LBRYCommunity/lbry-desktop#7765