The initiate_packet of the crypto handshake contains the long term public key of the plugin that wants to connect. This key should be checked against a list of white listed plugins. There should be a way to allow arbitrary connections (effectively disabling authentication).
Proposal
The white listing can be done via file structure. There is a directory that contains sub directories with the white listed and black listed plugin public keys.
plugins
|-- whitelisting
|-- plugin1.pub
|-- plugin2.pub
|-- blacklisting
|-- plugin3.pub
The keys are hold in memory so reading files is only needed at start or by manually triggering an update.
The directory containing the corresponding keys should be given in .boxrc file. In the above example the entry might be pluginkeydir /path/to/plugins.
The
initiate_packetof the crypto handshake contains the long term public key of the plugin that wants to connect. This key should be checked against a list of white listed plugins. There should be a way to allow arbitrary connections (effectively disabling authentication).Proposal
The white listing can be done via file structure. There is a directory that contains sub directories with the white listed and black listed plugin public keys.
The keys are hold in memory so reading files is only needed at start or by manually triggering an update.
The directory containing the corresponding keys should be given in
.boxrcfile. In the above example the entry might bepluginkeydir /path/to/plugins.