Does libp2p support CA (Certificate Authority)? (For example, I want to use libp2p to create a coalition that requires an access mechanism to enter.)
Libp2p does not support the CA system, but you can limit access to a swarm:
- You can configure a pre-shared key (https://pkg.go.dev/github.com/libp2p/go-libp2p?tab=doc#PrivateNetwork), limiting access to those with the same pre-shared key.
- You can implement a connection “gater” (https://pkg.go.dev/github.com/libp2p/go-libp2p?tab=doc#ConnectionGater) that filters peers by peer ID (assuming you have some list of allowed peer IDs).
Thank you. I have another question: how do I generate the pre-shared key (pnet.PSK), which is the parameter of PrivateNetwork?
If I use ConnectionGater, does it also prevent relays?
I mean, if node B is in the allowed peers of node A, can the connection below happen?
node B → Relay → node A
Is there any way for us to use a CA system, or can we implement a go-libp2p-tls which supports a CA system?
If you mean the CA system (for websites), that would be pointless. If you mean a system for refusing connections from untrusted peers:
- Users usually use pre-shared keys (private networks).
- You could implement a custom connection gater.
Thanks. And what do we need to do in libp2p if our pre-shared key (private network) is leaked? Do we need to restart all peers and give them a new pre-shared key (private network)?
Yes. A better approach would be to use a custom connection gater, but there’s no built-in support for this.
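
For the question above about generating the pnet.PSK passed to PrivateNetwork, here is an added example (not part of the thread and not go-libp2p's own code). It draws a 32-byte key from the OS random source and reads and writes it in the v1 swarm key text format that go-libp2p's pnet.DecodeV1PSK parses; the function names NewPSK, EncodeSwarmKey and DecodeSwarmKey are hypothetical, and only the standard library is used.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Header of a v1 swarm key file with a base16 (hex) encoded body.
const header = "/key/swarm/psk/1.0.0/\n/base16/\n"

// NewPSK draws a fresh 32-byte pre-shared key from the OS CSPRNG.
func NewPSK() ([]byte, error) {
	psk := make([]byte, 32)
	_, err := rand.Read(psk)
	return psk, err
}

// EncodeSwarmKey renders a PSK as the contents of a swarm key file.
func EncodeSwarmKey(psk []byte) (string, error) {
	if len(psk) != 32 {
		return "", fmt.Errorf("PSK must be 32 bytes, got %d", len(psk))
	}
	return header + hex.EncodeToString(psk) + "\n", nil
}

// DecodeSwarmKey parses swarm key file contents and rejects a wrong header
// or a body that is not exactly 32 hex-encoded bytes (e.g. a truncated key).
func DecodeSwarmKey(s string) ([]byte, error) {
	if !strings.HasPrefix(s, header) {
		return nil, errors.New("not a v1 base16 swarm key")
	}
	psk, err := hex.DecodeString(strings.TrimSpace(s[len(header):]))
	if err != nil || len(psk) != 32 {
		return nil, errors.New("key body is not 32 hex-encoded bytes")
	}
	return psk, nil
}

func main() {
	psk, err := NewPSK()
	if err != nil {
		panic(err)
	}
	file, _ := EncodeSwarmKey(psk)
	fmt.Print(file) // the secret itself: store it owner-readable only
}
```

The decoded bytes are what a node converts to pnet.PSK for PrivateNetwork. Every peer needs the same key, so replacing a leaked key means generating a new one this way and distributing it to all peers.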