
Comments (5)

rawdigits commented on July 24, 2024

Of the three, I think the third is the most feasible. It is probably not obvious from the existing (limited) documentation, but the lighthouses are outside of the trust model in a way we would like to retain. A single compromised lighthouse cannot do much to disrupt a nebula network, because they simply return answers to queries, and do not coordinate with each other at all.

As you noticed, we do have blacklisting in the config file, which would allow this to be pushed out via a config management system, and is how we use it ourselves.

The ability for a central authority to blacklist nodes is something we've considered, but that power comes with a downside, which is potential for abuse. I am not opposed to this if there is a good solution, likely involving some kind of signed CA blacklist.

from nebula.
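A sketch of the "signed CA blacklist" idea raised in the comment above, as an added example that is not part of the thread or of Nebula's code. The list format, the serial number used against rollback, and all type and function names are assumptions. Hosts verify the list against the CA public key, so whoever relays it does not need to be trusted.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// SignedBlocklist is a hypothetical wire format, not something Nebula defines.
type SignedBlocklist struct {
	Serial       uint64   // grows with every issued list, so old lists can be refused
	Fingerprints []string // hex fingerprints of certificates to refuse
	Signature    []byte   // CA's ed25519 signature over canonical(Serial, Fingerprints)
}

// canonical returns the exact bytes that are signed: serial, then sorted fingerprints.
func canonical(serial uint64, fps []string) []byte {
	sorted := append([]string(nil), fps...)
	sort.Strings(sorted)
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, serial)
	return append(buf, strings.Join(sorted, "\n")...)
}

// Sign is the CA side: it binds the serial and the entries under one signature.
func Sign(priv ed25519.PrivateKey, serial uint64, fps []string) SignedBlocklist {
	sig := ed25519.Sign(priv, canonical(serial, fps))
	return SignedBlocklist{Serial: serial, Fingerprints: fps, Signature: sig}
}

// Accept is the host side: verify the signature, refuse replays, return a lookup set.
func Accept(caPub ed25519.PublicKey, bl SignedBlocklist, lastSerial uint64) (map[string]bool, error) {
	if !ed25519.Verify(caPub, canonical(bl.Serial, bl.Fingerprints), bl.Signature) {
		return nil, errors.New("blocklist signature invalid")
	}
	if bl.Serial <= lastSerial {
		return nil, errors.New("blocklist serial is not newer than the one in use")
	}
	blocked := make(map[string]bool, len(bl.Fingerprints))
	for _, fp := range bl.Fingerprints {
		blocked[strings.ToLower(fp)] = true
	}
	return blocked, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway CA key
	blocked, err := Accept(pub, Sign(priv, 7, []string{"aa11"}), 6)
	fmt.Println(blocked["aa11"], err)
}
```

The serial check only stops an older list from being replayed; a relay can still withhold a newer one, which is why it pairs naturally with certificates that expire quickly.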

goireu commented on July 24, 2024

Thanks for the quick reply!
OCSP responses are signed; we could either use Nebula CA or an independent CA for checking OCSP responses.
Let's close this issue for now, I'll get back to you with a pull request in a few months when it is time to implement this feature (if I haven't found a better workaround in the meantime of course 😄)

from nebula.

vismiktor commented on July 24, 2024

Hello! Any updates on this feature?
@goireu did you manage to find a workaround?

from nebula.

goireu commented on July 24, 2024

Our current workaround is a mix of short-lived certificates and blacklist; nebula configuration is regularly generated and fetched from a central API.

from nebula.

vismiktor commented on July 24, 2024

I see. Thank you!

from nebula.
