Implement encryption

Part B specifies that all SiLA communication must be TLS-encrypted. Here is the implementation plan:

General:

SiLA Clients and SiLA Servers MUST always use TLS [...].

When servers are started without encryption, or clients connect to a server via an unencrypted channel, this must be explicit in the source code (e.g. insecure=True), and a warning must state that this violates the SiLA spec.

API plan for starting servers:

It is RECOMMENDED for SiLA Servers to use trusted certificates [...].

If a SiLA Server uses an untrusted certificate, [it] MUST send the PEM-encoded CA [it] uses as a TXT record.

Starting a server:

  • SilaServer.start(ip, port, private_key, cert_chain) starts the server with encryption
  • SilaServer.start(ip, port) generates a self-signed certificate, adds the CA as TXT record for discovery, warns about using an untrusted certificate, then starts the server with encryption
  • SilaServer.start(ip, port, insecure=True) warns that insecure connections violate the SiLA spec, then starts the server without encryption

API plan for connecting clients to servers:

A SiLA Client MUST NOT accept untrusted certificates [...] implicitly.

A SiLA Client MAY accept untrusted certificates [...] explicitly [...].

The client MAY reject servers that do not have the SiLA Server UUID stored in the certificate.

Untrusted certificates SHALL be accepted for setups using private IP addresses [...].

Without discovery:

  • SilaClient(ip, port, cert_chain) connects to servers with a trusted certificate
  • SilaClient(ip, port, insecure=True) warns that insecure connections violate the SiLA spec, then connects to a server via an unencrypted channel
  • SilaClient(ip, port) does not exist

Client with discovery:

  • Discovery(cert_chain) only finds servers with trusted certificates
    • uses SilaClient(ip, port, cert_chain)
  • Discovery() only finds servers with untrusted certificates if the CA is in a zeroconf TXT record, and warns about untrusted certificates
    • extracts CA from TXT record, then uses SilaClient(ip, port, cert_chain)
  • Discovery(insecure=True) only finds servers running without encryption and must warn that this violates the SiLA spec
    • uses SilaClient(ip, port, insecure=True)
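
The two halves of the plan meet at the zeroconf TXT record: the server advertises the CA of its self-signed certificate there, and Discovery() reads it back before handing a cert_chain to SilaClient. The following is an added example written for this issue, not code from the sila2 project. It assumes that each TXT entry must stay within the 255-byte DNS character-string limit (RFC 6763), so a PEM is split across keys named ca0, ca1, ... (the key naming is an assumption, not taken from the issue); the PEM text is a constructed placeholder, not a real certificate, and the function names are hypothetical. The decision table at the end mirrors the client API above: trusted chain, CA recovered from the TXT record (with a warning), insecure=True (with a warning), and no implicit fallback.

```python
"""Added example (not sila2 project code): carrying a CA certificate in
DNS-SD TXT records and applying the client-side connection policy."""
from __future__ import annotations

import warnings
from typing import Dict, List, Optional

TXT_MAX = 255          # per-string limit of a DNS TXT record (RFC 6763, 6.1)
CA_KEY_PREFIX = "ca"   # assumed key naming ca0, ca1, ...; not from the issue

# Constructed placeholder with the shape of a PEM block; NOT a real certificate.
SAMPLE_CA_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "".join(f"{'MIIC' * 16}\n" for _ in range(6))
    + "-----END CERTIFICATE-----\n"
)


class SilaSpecViolationWarning(UserWarning):
    """Emitted whenever an unencrypted channel is requested explicitly."""


class UntrustedCertificateWarning(UserWarning):
    """Emitted when a CA learned from discovery is accepted."""


def ca_to_txt_records(ca_pem: str) -> Dict[str, str]:
    """Split a PEM CA into entries whose rendered 'key=value' fits in 255 bytes."""
    records: Dict[str, str] = {}
    data = ca_pem.encode("ascii")
    pos = index = 0
    while pos < len(data):
        key = f"{CA_KEY_PREFIX}{index}"
        room = TXT_MAX - len(key) - 1          # subtract key and the '='
        records[key] = data[pos:pos + room].decode("ascii")
        pos += room
        index += 1
    return records


def ca_from_txt_records(records: Dict[str, str]) -> Optional[str]:
    """Reassemble ca0, ca1, ... into one PEM string; None if no CA was advertised."""
    chunks: List[str] = []
    i = 0
    while f"{CA_KEY_PREFIX}{i}" in records:
        chunks.append(records[f"{CA_KEY_PREFIX}{i}"])
        i += 1
    if not chunks:
        return None
    pem = "".join(chunks)
    # A missing chunk leaves a truncated block; refuse it before it reaches TLS code.
    if not (pem.startswith("-----BEGIN CERTIFICATE-----")
            and pem.rstrip().endswith("-----END CERTIFICATE-----")):
        raise ValueError("advertised CA is not a complete PEM certificate block")
    return pem


def resolve_client_channel(*, cert_chain: Optional[str] = None,
                           insecure: bool = False,
                           txt_records: Optional[Dict[str, str]] = None) -> dict:
    """Decide how a client may connect, following the issue's decision table."""
    if insecure and cert_chain is not None:
        raise ValueError("insecure=True cannot be combined with cert_chain")
    if insecure:
        warnings.warn("unencrypted channel violates the SiLA spec",
                      SilaSpecViolationWarning)
        return {"mode": "insecure", "ca": None}
    if cert_chain is not None:
        return {"mode": "tls", "ca": cert_chain}
    if txt_records is not None:
        ca = ca_from_txt_records(txt_records)
        if ca is not None:
            warnings.warn("accepting untrusted CA advertised via zeroconf TXT record",
                          UntrustedCertificateWarning)
            return {"mode": "tls", "ca": ca}
    # SilaClient(ip, port) "does not exist": never fall back to trust implicitly.
    raise ValueError("no trust anchor: pass cert_chain or insecure=True")


if __name__ == "__main__":
    advertised = ca_to_txt_records(SAMPLE_CA_PEM)
    print(sorted(advertised))                       # ['ca0', 'ca1']
    print(resolve_client_channel(txt_records=advertised)["mode"])
```

The server side calls ca_to_txt_records when it generates a self-signed certificate; Discovery() feeds the service's TXT properties into resolve_client_channel and only proceeds when a mode comes back, so the absence of a CA and the absence of insecure=True both end in an exception rather than a silent connection.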
Edited Dec 06, 2021 by Niklas Mertsch