Skip to content

feat: tls #261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Dec 23, 2022
Merged

feat: tls #261

Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
fc0f4c0
add content for tls
salmad3 Dec 5, 2022
210c724
lint
salmad3 Dec 5, 2022
ec025a6
enhance + edits
salmad3 Dec 5, 2022
1113f44
Apply suggestions from code review
salmad3 Dec 12, 2022
b2258ec
incorporate feedback and simplify tls content
salmad3 Dec 12, 2022
1e861fd
modify ITU callout to general note
salmad3 Dec 12, 2022
8fe74e2
Apply suggestions from code review
salmad3 Dec 12, 2022
cfb107e
refine tls in libp2p
salmad3 Dec 12, 2022
5485e2b
Apply suggestions from code review
salmad3 Dec 14, 2022
8582cfa
add introductory phrase
salmad3 Dec 19, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 45 additions & 2 deletions content/concepts/secure-comm/tls.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,48 @@ aliases:
- "/concepts/secure-comm/tls"
---

<!-- ADD NOTICE -->
Coming soon!
TLS (Transport Layer Security) is one of the security handshakes used to secure transports
that don't have built-in security (e.g. TCP, WebSocket). [Noise](noise), an alternative to
TLS, is also another security handshake used to secure transports.

## What is TLS?

TLS (Transport Layer Security) is a cryptographic protocol that establishes a
secure data channel. TLS provides encryption, authentication, and data integrity.

During the TLS handshake, a secure connection is established between a client
and a server. After the handshake completes, both sides have derived a key
(the TLS master secret) that's only known to the two parties and is then used to
encrypt application data sent over the channel.

### What is TLS 1.3?

TLS 1.3 is a new version of the TLS protocol, published in 2018 in
[RFC 8446](https://www.rfc-editor.org/rfc/rfc8446). It brings several
improvements over TLS 1.2: the latency of a handshake was brought
down from 2 to 1 network round trips (in the typical case), the privacy
properties were improved by encrypting the certificates, and the protocol
was made simplified to reduce implementation complexity.

## TLS 1.3 in libp2p

**libp2p doesn't use TLS versions older than 1.3.**

### Handshake

libp2p uses the TLS 1.3 handshake to establish a secure connection between two peers.
Peers authenticate each other's libp2p peer ID during the handshake.

TLS 1.3 is identified during protocol negotiation with the following protocol
ID: `/tls/1.0.0`.

Peer authentication works by encoding the public key into the TLS certificate.
We designed the system to authenticate key types usually not
supported by TLS stacks, such as sepc256k1 (a key type that can be used for
libp2p keys).

When processing the TLS certificate, nodes derive the peer ID from the public key that
they received. The node initiating the connection checks that it matches the peer ID of the node
it intended to connect to.

{{< alert icon="💡" context="note" text="See the TLS <a class=\"text-muted\" href=\"https://github.com/libp2p/specs/blob/master/tls/tls.md\">technical specification</a> for more details." />}}