Can you elaborate? I am currently thinking about exchanging private data via IPFS, and how to ensure that the data can stay within a controlled cluster. (Think medical images in a hospital, which has strict requirements w.r.t. leak prevention.)
@hmeine we will allow creation of _completely private_ IPFS networks. the plan is to:
(we want to support both PKI use cases because both are good models, with strong proponents and importantly different threat models)
This issue is really about mode (1) (shared key). but we will implement both eventually. (1) should work for you fine, but will leave it up to you to do key rotation to ensure long term security (as nodes join / leave the network, or as human operators join / leave the organization)
tl;dr: once this is fixed, you'll be able to start your nodes with:
`ipfs daemon --transport-shared-key <current-key>`
and you can rotate `<current-key>` however you want.
Thanks for the explanation. This would be really useful for our use case, it seems.
It also looks relevant to https://github.com/ipfs/go-ipfs/issues/961, don't you think?
Hi. You mentioned at the end of Sept last year that this was coming soon. Can you provide an update of where we are and how this fits with priorities? Am interested in this and want it to be compatible if possible or contribute. Do you have a blueprint?
I'm also interested to know the current state of private network support.
http://ilpubs.stanford.edu:8090/626/1/2003-74.pdf discusses a hierarchical DHT. This generates an onion-like structure of accessibility domains. I think this is a very flexible and elegant way to achieve privacy in a distributed system.
Originally, I wanted to implement this from scratch for my use case (research data publication with institute file space < university file space < global filespace), however, since I found out about IPFS, I wonder whether something like that can also be achieved in the IPFS ecosystem.
@troyronda has a proposal about trust management here: https://github.com/securekey/go-ipfs/blob/a2c73ac501f602a2dbbe5260ec7e7fec4d30ee60/docs/trusted-private-network.md
Where can one comment on this proposal?
The thread is here: https://github.com/ipfs/notes/issues/146
:+1: Thanks for supporting private ipfs networks with shared key #3697
I'm using it in production to back up large files.
@salsa-dev That's great to hear! If you have any feedback on it we would love to hear it here: https://github.com/ipfs/go-ipfs/issues/3404
I'm closing as the original discussion for this was resolved by choosing shared key, and it is a libp2p-land feature these days anyway.