keeping someone out / daemon keys

Parke parke.nexus at gmail.com
Sat Sep 1 04:32:11 CEST 2018


On Fri, Aug 31, 2018 at 6:17 PM, Corey Boyle <coreybrett at gmail.com> wrote:
> Is it possible for daemonA and daemonB to communicate without having
> exchanged public keys?

If only A and B are nodes, then I believe the answer is no.

> If daemonA and daemonB have exchanged keys, and daemonA and daemonC
> have exchanged keys, can daemonA and daemonC communicate with each
> other?

I take it you mean to ask if B and C can communicate.

Yes.  Any single trusted node can add any number of additional trusted
nodes to the network.  Any single node can introduce a new node, and
all nodes will trust the new node.

There are some experimental settings that might reduce the level of
trust somewhat.  I am aware that these experimental features exist,
but I am unfamiliar with the specifics.

> To ask it another way, how do I prevent an unauthorized daemon from
> joining the VPN?

Trust all your nodes.  Don't let any single node become compromised.

Cheers,

Parke
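
A small model of the trust behaviour described in the reply above, as an added example that is not part of the original message or of tinc's own code. It assumes the default behaviour the reply describes (any member can admit another) and uses constructed daemon names; it lists which daemons end up in a node's VPN without that node having exchanged keys with them, and the chain of nodes that admitted each one.

```python
from collections import deque

# Constructed sample: each pair is two daemons whose admins exchanged
# public keys (hypothetical names, following the A/B/C of the thread).
EXCHANGES = [("A", "B"), ("A", "C")]

def introduction_paths(exchanges, me):
    """Map every daemon that ends up in `me`'s VPN to the chain of
    key exchanges that admitted it (breadth-first, shortest chain)."""
    peers = {}
    for a, b in exchanges:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)
    paths, queue = {me: [me]}, deque([me])
    while queue:
        node = queue.popleft()
        for peer in sorted(peers.get(node, ())):
            if peer not in paths:
                paths[peer] = paths[node] + [peer]
                queue.append(peer)
    return paths

def not_vetted_by(exchanges, me):
    """Daemons in `me`'s VPN whose key `me` never exchanged directly,
    with the node-by-node chain that brought each one in."""
    return {n: p for n, p in introduction_paths(exchanges, me).items()
            if len(p) > 2}

if __name__ == "__main__":
    print(not_vetted_by(EXCHANGES, "B"))   # C, reached through A
    grown = EXCHANGES + [("C", "X")]       # C alone admits a new node X
    print(not_vetted_by(grown, "B"))       # C and X
    print(not_vetted_by(grown, "A"))       # X, admitted by C only
```

Every intermediate name in a chain is a node whose compromise would be enough to admit the daemon at the end of it.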

