-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implemented a Basic TLS #34
Conversation
macSize = 64 | ||
} | ||
|
||
for { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer if all of this wasnt a single anonymous function inside of handshake, if we could break this down a little that would be nice (and slightly more readable!)
tl;dr: this is not yet audited. we need to audit a lot of stuff, so merging in with the massive disclaimer that this is not yet known to be secure.
|
cc @perfmode @cleichner if you want to help CR something |
doesn't this leak metadata - who is connecting to who? isn't it possible to be encrypted from the first byte by doing the EECDH exchange first? |
@dominictarr Yep. But afaik IPFS has no interest in anonymity and following TLS' pattern of authenticating and verifying the secure channel before using it for anything important makes me feel warm and fuzzy inside (and is probably a good way to avoid strange vulns). |
@dominictarr Unless you know who you're connecting to beforehand, a listener you're connecting to will have to get your public key. But yes, fair point, there could be two modes, for initializing connections to new unknown public keys, and for known ones. |
If you are gonna use something similar to tls why not just use tls? I think there are two strong positions here - either use something that is so well studied and the other strong position is making something so simple that it's obviously secure. I think the possibility for simplicity is considerable here, given that, ipfs, etc, doesn't rely on the security of the connection for it's security. the data is already secure, and it' would still be secure |
@dominictarr Because TLS is designed for a server-client model and heavily utilizes CAs--both of which are contrary to IPFS' design. There's also the point that TLS is incredibly complicated and has a lot of legacy to it, which makes it hard to re-implement securely in situations where we don't have access to standard TLS libraries. The protocol is already as simple as possible while still satisfying the requirements placed upon it. (Those requirements being forward secrecy, mutual authentication, confidentiality & integrity of data, in addition to being extensible.) Edit: I realized there was a point I could address. The reason it's better to build a secure channel is largely because of the mutual authentication. Before I wrote this, that's all that was being done--you authenticate each other and then you go back to communicating in plaintext. That scheme achieves its objective in the presence of malicious actors inside the network, but it doesn't do anything to deter active adversaries (outside the network). So you come to the point that all the hard bits are done--it's incredibly cheap to just build the rest of the secure channel and then I get the guarantee that if I contact Alice, I know that everything I read is legitimately from Alice. |
I agree that we should keep the protocol as simple as possible to allow it to be easily audited and understood. TLS is great, but has way too much baggage for what were after |
okay to be honest, I am not well versed on exactly how complicated tls is, I can imagine it's more complicated than this, though, sure. But I just feel that this could be even simpler. There are really two distinct things here - privacy and security. ipfs is secure even over plain text, If you just did privacy, and required the application/next layer to handle authentication and integrity then you could simplify this. And if you had an out of channel way of setting the parameters then you would not need cipher suite negotiation you could just put |
Reverse engineering someone's TLS implementation is a multi-week effort (I've done it). This protocol took me a few hours to design and implement. It took a few minutes to figure out how it worked after I'd been away from the codebase for a while. This is only a few hundred lines, whereas TLS implementations are thousands of lines. Personally, I think it's incredibly easy to reason about the security of this, and I would think you do too since you started finding caveats within minutes of being told where the code was.
I don't know what either of those words mean in this context... I'm guessing confidentiality and integrity? If so, as I said, confidentiality was added for the reason "why not?" and integrity is there so that I know everything I read off of my channel with Alice was actually written by Alice and meant for me--remember, there'll be more going through our channel than items from the DAGStore. Information about Alice's health, what she wants, what she knows.
Disregarding the fact that the logic is circular and that this doesn't add anything, how is putting information into an incredibly complex system of computers simpler than just sending it over the wire to people who ask? |
Okay good point, this is relatively simple. But, I think you should consider the out-of-band ciphersuit thing. Sure, you could negotiate a different suite, but you can't remove the negotiation, In a p2p system like ipfs, there is already a lookup to go from a peer id (i.e. hash(pubkey)) |
So like this: # current multiaddr
/ip4/10.20.30.40/tcp/1234/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es
# multiaddr specifying tls cypher
# 0xcc14 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
/ip4/10.20.30.40/tcp/1234/tls/cc14/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es/
# some future
/ip8/QmZSWmvJdrjtUo9TAVnRn/sc/cc14/ipfs/QmZSWmvJdrjtUo9TAVnRnRZbMfgcVbMbwMBhvsYTjBZ9es/ |
@dominictarr The protocol is already trivial to upgrade. Want to add a new cipher? Implement it and add it to the supported ciphers list. You never remove negotiation because there is always a need to negotiate something. TLS (even dating back to SSL) has never changed the ClientHello and SeverHello messages because there's no reason to.
The protocol is always going to be trivially distinguishable from random. There's structure to the timing of messages in the protocol. There's structure in the objects sent. IPFS nodes will always behave in predictable ways (unless @jbenet decides to recast the project as a DRBG). If I look up someone's preferences in the DHT, I can calculate the suite we should use because I have both variables, but how do I convey that knowledge to them if my only way of talking to them is walking up and just using the suite? Negotiation is a function of two variables, so how does the person on the other end make that calculation if they don't know anything about me?
If you're new to the network or have limited connectivity, how do you find someone's preferences to make a new connection to them to improve connectivity? How do you avoid the circular dependency of "I want to talk to Alice, so I need to look her up in the DHT, and that requires making a connection to someone, so I look them up in the DHT, which requires making a connection to someone, so I look..." |
I do agree that all the information in the handshake should be available in the DHT for lookup, but i do also think it needs to be in the handshake for the very same reasons @Bren2010 expressed in his last paragraph. |
So, i think the world has changed a lot since tls was conceived. The most important thing is how updates occur - I remember getting netscape navigator on a CDROM from my isp. Of course, you are not gonna get an update out very quick that way, and some people will never upgrade. Nowadays we have automatic updates - sure, that is back door, but lets say we can create a decentralized way to do something like that (I have ideas, we can discuss later) I don't think we have the same concern for legacy code with ipfs, etc. But also - http has a default port, and surfers follow links to your site, and you can't break links or you break the web. web protocols had to be on the same port. Ipfs does not have links that will break like this - because links are to data, not to servers. How does a new peer find the network? A completely new node still needs an entry point, right? If we need to keep the start list servers accessable, that start list could contain the cipher suite, or it could indicate that a negotiation handshake is used instead. Is this how ipfs will introduce nodes? |
Exactly.
Yes, we use a list of bootstrapping addresses, which include the node.ID (public key). e.g.
Note that all distributed systems have the bootstrapping problem and solve it effectively the same way. DHTs, bitcoin, even DNS (hard coded root For our purposes, we'll distribute signed, up-to-date bootstrapping list with implementations, and make it available via HTTP, DNS, and other systems.
Yeah, we could do something like:
but i'm not yet convinced negotiation of cyphers is a bad idea. nodes should be more stern about the cyphers it uses (i.e. prune out weaker things) (NB: not negotiating cyphers does not get rid of handshake. would have to get rid of ephemeral sec chan key to do so. which we could do, since trust here depends on the source key. sessions strictly live shorter than the key used for node.ID (i.e. does forward secrecy make sense if the master private key which defines the node is compromised??) . AFAICT right now, the only other benefit of the ephemeral key is letting nodes split up implementations and safeguard keys better (i.e. i could have a full implementation that i don't give my private key to, only derived keys). |
would be kinda cool to have udp service discovery implemented for ipfs |
yep!! there;s lots of protocols for local discovery, we should use as many as we can. this helps bittorrent clients be so successful at moving data around. |
New: * golang.org/x/text (c93e7c9fff19fb9139b5ab04ce041833add0134e) * github.com/jackpal/gateway (192609c58b8985e645cbe82ddcb28a4362ca0fdc) Changed: * github.com/Sirupsen/logrus (old rev 26709e2714106fb8ad40b773b711ebce25b78914) (new rev 6ba91e24c498b49d0363c723e9e2ab2b5b8fd012) Alexander F Rødseth (1): Terminals on Windows may not have colors Antoine Grondin (1): default logs to stderr Dotan J. Nahum (1): logrus_syslog / syslog - example should now be valid Madhav Puri (2): Fix Fatalf() and Fatalln() to exit irrespective of log level Fix Fatal*() function of logger to match the behavior of Fatal*() functions of entry Matthew Baird (1): proper use of TextFormatter in documentation Philip Allen (4): Added Raygun hook. Moving raygun hook to its own repositiroy at github.com/squirkle/logrus-raygun-hook Merge branch 'master' of https://github.com/Sirupsen/logrus removing raygun hook from hooks dir, adding reference in hooks table of main README.md Simon Eskildsen (12): Merge pull request #170 from aybabtme/log-to-stderr Merge pull request #177 from xyproto/master Merge pull request #178 from mattbaird/patch-1 Merge pull request #168 from squirkle/master Merge pull request #183 from evalphobia/feature/sentry-http-request formatter/json: fix possible race version: bump to 0.8 Merge pull request #187 from mapuri/master version: bump to 0.8.1 Merge pull request #188 from mapuri/master version: 0.8.2 Merge pull request #189 from jondot/patch-1 evalphobia (1): Added special field for *http.Request to Sentry hook * github.com/cenkalti/backoff (old rev 9831e1e25c874e0a0601b6dc43641071414eec7a) (new rev 6c45d6bc1e78d94431dff8fc28a99f20bafa355a) Cenk Alti (1): fix #14 * github.com/cheggaaa/pb (old rev e8c7cc515bfde3e267957a3b110080ceed51354e) (new rev d7729fd7ec1372c15b83db39834bf842bf2d69fb) Andrew Sutherland (4): just return ourselves on chainable methods use channel to trigger isFinished make units type safe dont panic on multiple Finish calls Andrey Smirnov (1): Fix the data race on pb.isFinish member. Frederick F. Kautz IV (1): Running gofmt, no semantic changes. Fábio Gomes (1): Adds Set64 func to set the current value as int64 Sergey Cherepanov (8): netbsd support Merge pull request #34 from smira/master Merge pull request #35 from nixxquality/patch-1 Merge pull request #36 from fkautz/pr_out_running_gofmt_no_semantic_changes Merge pull request #37 from drewis/forupstream Merge pull request #38 from monde-sistemas/master correct speed when start value not 0 return object for a chain calling nixxquality (1): Fix typo * github.com/crowdmob/goamz/aws (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/crowdmob/goamz/s3 (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/fd/go-nat (old rev 50e7633d5f27d81490026a13e5b92d2e42d8c6bb) (new rev dcaf50131e4810440bed2cbb6f7f32c4f4cc95dd) Simon Menke (1): Using github.com/jackpal/gateway to discover NAT-PMP/PCP gateways * github.com/fzzy/radix/redis (old rev 27a863cdffdb0998d13e1e11992b18489aeeaa25) (new rev 031cc11e9800a2626ee2ae629655a922b630a07d) Brian Picciano (19): make cluster package thread-safe CHANGELOG update READMEs to have references to cluster throttle Reset calls in cluster change how options are passed around in cluster, and fix throttle CHANGELOG add a Pattern field to SubReply make DialTimeout actually use DialTimeout (requested by #53) fix bugs in cluster which prevented proper failover handling make cluster.getConn attempt to make the pool in question to better handle failover cases, also simplify moved logic a bit fix cluster test to handle the Reset throttle properly CHANGELOG refactor resp writing to not create an intermediate buffer and just write directly to the io.Writer small formatting fixes optimize flattening in resp to not create as many intermediate data structures refactor resp writing even further by making conn have a writeBuffer pre-allocated which resp simply appends to update cluster tests for newest testify code CHANGELOG CHANGELOG Victor (1): add Reply.Float64() method * github.com/gogo/protobuf (old rev 0ac967c269268f1af7d9bcc7927ccc9a589b2b36) (new rev b9e369e8ffb6773efc654ea13594566404314ee1) Anton Povarov (1): simpler and more computationally efficient solution Dwayne Schultz (4): Add checks in marshal/unmarshal for presence of required fields Improve compatibility Revert "Improve compatibility" Use import helper Georg Apitz (2): Apply @anton-povarov's patch for bitmasks for missing required fields Add test for nested NinOptNative John Tuley (11): Update artifacts from `make all` Test using `Marshal` instead of `MarshalTo` Use `proto.Marshal`/`proto.Unmarshal` Move NewRequiredNotSetError to encode_gogo.go Restore permissions on protoc-gen-gogo/main.go Remove empty lines Remove empty lines Check marshal error in requiredexamplepb_test.go Merge remote-tracking branch 'gogo/master' Add test for unmarshalling populated optional fields as required Add tests for required fields Tamir Duberstein (1): Generate errcheck-passing code Walter Schulze (4): regenerated code Merge pull request #51 from tamird/errcheck fixed errcheck for old protoc versions Merge pull request #48 from jmtuley/master * github.com/hashicorp/golang-lru (old rev 253b2dc1ca8bae42c3b5b6e53dd2eab1a7551116) (new rev 995efda3e073b6946b175ed93901d729ad47466a) Alexander Gugel (1): Add Contains, Peek Armon Dadgar (6): Merge pull request #3 from blopker/master Merge pull request #4 from mreid-moz/add_onevict Merge pull request #6 from client9/master Merge pull request #8 from sciolizer/keys-order Merge pull request #10 from alexanderGugel/has-peek Merge pull request #12 from dkumor/master Bo Lopker (1): Add RWMutex for read-only functions Daniel Kumor (2): Fixed onEvict bug for Purge Added test for onEvicted interface value Joshua Ball (1): Keys() preserves order Kyle Kelley (1): fmt.Sprintf inside panic call Mark Reid (6): Add an 'onEvict' function called when an element is removed. Export the "OnEvicted" function. Stop exposing the internals for eviction. Take a single lock to purge the cache. Purge in the correct LRU order. Call the evict function, then reset the cache. Nick Galbreath (2): change Add method to return bool on eviction gofmt cleanup Ryan Uber (1): Merge pull request #2 from rgbkrk/patch-1 * github.com/hashicorp/yamux (old rev 9feabe6854fadca1abec9cd3bd2a613fe9a34000) (new rev b2e55852ddaf823a85c67f798080eb7d08acd71d) Armon Dadgar (5): Prevent Read on a closed stream Adding NumStreams to query open stream count Prevent deadlock with closeStream race Session close waits for receive loop to terminate Adding backpressure to Open to avoid RST * github.com/howeyc/fsnotify (old rev 6b1ef893dc11e0447abda6da20a5203481878dda) (new rev 4894fe7efedeeef21891033e1cce3b23b9af7ad2) Chris Howey (1): Merge pull request #109 from missdeer/master Fan Yang (2): Update fsnotify_bsd.go Update fsnotify_open_bsd.go * github.com/huin/goupnp (old rev 223008361153d7d434c1f0ac990cd3fcae6931f5) (new rev c57ae84388ab59076fd547f1abeab71c2edb0a21) Felix Lange (1): soap: quote action names in header Huin (1): Fix CharsetReader creation. Jianfei Wang (1): support xml encoding other than utf-8 John Beisley (2): Merge branch 'fjl-soap-quote' Merge branch 'thinxer-master' * github.com/jackpal/go-nat-pmp (old rev a45aa3d54aef73b504e15eb71bea0e5565b5e6e1) (new rev 46523a463303c6ede3ddfe45bde1c7ed52ebaacd) Jack Palevich (1): Add NewClientForDefaultGateway, test of same. * github.com/jbenet/go-peerstream (old rev 8d52ed2801410a2af995b4e87660272d11c8a9a4) (new rev 675a5da7e3500d73c2edc84565d6c46b540ad1b4) Brian Tiger Chow (1): Update listener.go Juan Batiz-Benet (1): Merge pull request #7 from briantigerchow/patch-1 * github.com/kardianos/osext (old rev 8fef92e41e22a70e700a96b29f066cda30ea24ef) (new rev 6e7f843663477789fac7c02def0d0909e969b4e5) Daniel Theophanes (2): osext: do not return trailing slash in folder path. osext: state in readme that args[0] doesn't always work. * github.com/miekg/dns (old rev 82ffc45b1f84ff71bd1cebed8b210118ce3d181e) (new rev bb1103f648f811d2018d4bedcb2d4b2bce34a0f1) Alex Sergeyev (6): Issue with TLSA parsing identified Fixed SSHFP parsing when multiple lines used for text representation. Updated NSAP support according to RFC1706 Fixed reversed logic. Support for almost all possible ways to format HINFO record Added comment to commented-out testcase Mart Roosmaa (1): Use algorithm number to determine private key type. Michael Haro (3): Check that the query ID matches the answer ID. Keep Exchange as it was, but still check ID. Cleanup Client.exchange Miek Gieben (10): Merge pull request #207 from roosmaa/keyparse Merge pull request #208 from michaelharo/checkid Merge pull request #209 from michaelharo/client Merge commit '627287e675fb79f57928f77fbfae24abe15ed58b' into tlsa Playing with TLSA records Fix off-by-one on the maxTok and maxCom check Add TLSA parsing tests Check the l.err token errors Merge pull request #211 from miekg/tlsa Merge pull request #212 from asergeyev/master * github.com/syndtr/goleveldb/leveldb (old rev 4875955338b0a434238a31165cb87255ab6e9e4a) (new rev 315fcfb05d4d46d4354b313d146ef688dda272a9) Suryandaru Triandana (6): Merge pull request #106 from restlessbandit/getprop-errors leveldb: allows disabling buffer pool manualtest/dbstress: disable block cache and buffer pool by default memdb: use named constant instead of integer literal and Reset now holds lock leveldb: cleanup DB.recoverJournal(), memdb, session record and split session.go leveldb: allows open or puts DB into read-only mode (closes #107) Travis J Parker (1): uses a public API error that can be compared against for invalid property names * github.com/whyrusleeping/iptb (old rev 3970c95a864f1a40037f796ff596607ce8ae43be) (new rev fa9bbc437fae1c3a9410e7f1bc3dd02f0449279a) Jeromy (1): bootstrap addrs cant be 0.0.0.0 * golang.org/x/crypto (old rev c84e1f8e3a7e322d497cd16c0e8a13c7e127baf3) (new rev ce6bda69189e9f4ff278a5e181691cd695f753ae) Dmitry Savintsev (1): crypto/ssh: fix encoding of ssh certs with critical options Han-Wen Nienhuys (1): x/crypto/ssh: bail early if a server has no auth methods configured. Joel Sing (1): poly1305: fix compilation on arm with go tip Jungho Ahn (1): x/crypto/poly1305: add ARM assembly KB Sriram (1): x/crypto/openpgp: Limit packet recursion depth. Shenghou Ma (1): ocsp: fix test on TZ=UTC systems datianshi (1): ssh: add hmac-sha2-256. * golang.org/x/net (old rev ff8eb9a34a5cbb9941ffc6f84a19a8014c2646ad) (new rev 589db58a47224e5786650dac2677b9c302bab6c2) Dave Cheney (1): x/net/websocket: always close underlying connection on ws.Close Ian Lance Taylor (1): html/charset/testdata: update licensing info in README Mikio Hara (4): ipv4: fix build on linux/arm64 ipv6: fix build on linux/arm64 icmp: more coverage to ping test icmp: add missing attribute length check Nigel Tao (7): webdav: skip XML-related tests on Go 1.4. webdav: make properties belong to the File(System), not a PropSystem. webdav: special-case the propfind_invalid2 litmus test. webdav: delete the PropSystem and MemPS types. webdav: add StripPrefix. webdav: have copyFiles copy dead properties. webdav: let DeadPropsHolder.DeadProps return an error. Robert Stepanek (3): webdav: Add PROPPATCH support to in-memory property system. webdav: Return HTTP 404 for PROPFIND/PROPPATCH requests on an inexistent webdav.Dir resource. webdav: Simplify handling of Etag and Content-Type headers for GET, HEAD, POST and PUT requests. * gopkg.in/natefinch/lumberjack.v2 (old rev d28785c2f27cd682d872df46ccd8232843629f54) (new rev 588a21fb0fa0ebdfde42670fa214576b6f0f22df) Matt Silverlock (1): Fixed import in example test to use gopkg.in. Nate Finch (2): Merge pull request #11 from elithrar/v2.0 Fix bug #12
New: * golang.org/x/text (c93e7c9fff19fb9139b5ab04ce041833add0134e) * github.com/jackpal/gateway (192609c58b8985e645cbe82ddcb28a4362ca0fdc) Changed: * github.com/Sirupsen/logrus (old rev 26709e2714106fb8ad40b773b711ebce25b78914) (new rev 6ba91e24c498b49d0363c723e9e2ab2b5b8fd012) Alexander F Rødseth (1): Terminals on Windows may not have colors Antoine Grondin (1): default logs to stderr Dotan J. Nahum (1): logrus_syslog / syslog - example should now be valid Madhav Puri (2): Fix Fatalf() and Fatalln() to exit irrespective of log level Fix Fatal*() function of logger to match the behavior of Fatal*() functions of entry Matthew Baird (1): proper use of TextFormatter in documentation Philip Allen (4): Added Raygun hook. Moving raygun hook to its own repositiroy at github.com/squirkle/logrus-raygun-hook Merge branch 'master' of https://github.com/Sirupsen/logrus removing raygun hook from hooks dir, adding reference in hooks table of main README.md Simon Eskildsen (12): Merge pull request #170 from aybabtme/log-to-stderr Merge pull request #177 from xyproto/master Merge pull request #178 from mattbaird/patch-1 Merge pull request #168 from squirkle/master Merge pull request #183 from evalphobia/feature/sentry-http-request formatter/json: fix possible race version: bump to 0.8 Merge pull request #187 from mapuri/master version: bump to 0.8.1 Merge pull request #188 from mapuri/master version: 0.8.2 Merge pull request #189 from jondot/patch-1 evalphobia (1): Added special field for *http.Request to Sentry hook * github.com/cenkalti/backoff (old rev 9831e1e25c874e0a0601b6dc43641071414eec7a) (new rev 6c45d6bc1e78d94431dff8fc28a99f20bafa355a) Cenk Alti (1): fix #14 * github.com/cheggaaa/pb (old rev e8c7cc515bfde3e267957a3b110080ceed51354e) (new rev d7729fd7ec1372c15b83db39834bf842bf2d69fb) Andrew Sutherland (4): just return ourselves on chainable methods use channel to trigger isFinished make units type safe dont panic on multiple Finish calls Andrey Smirnov (1): Fix the data race on pb.isFinish member. Frederick F. Kautz IV (1): Running gofmt, no semantic changes. Fábio Gomes (1): Adds Set64 func to set the current value as int64 Sergey Cherepanov (8): netbsd support Merge pull request #34 from smira/master Merge pull request #35 from nixxquality/patch-1 Merge pull request #36 from fkautz/pr_out_running_gofmt_no_semantic_changes Merge pull request #37 from drewis/forupstream Merge pull request #38 from monde-sistemas/master correct speed when start value not 0 return object for a chain calling nixxquality (1): Fix typo * github.com/crowdmob/goamz/aws (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/crowdmob/goamz/s3 (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/fd/go-nat (old rev 50e7633d5f27d81490026a13e5b92d2e42d8c6bb) (new rev dcaf50131e4810440bed2cbb6f7f32c4f4cc95dd) Simon Menke (1): Using github.com/jackpal/gateway to discover NAT-PMP/PCP gateways * github.com/fzzy/radix/redis (old rev 27a863cdffdb0998d13e1e11992b18489aeeaa25) (new rev 031cc11e9800a2626ee2ae629655a922b630a07d) Brian Picciano (19): make cluster package thread-safe CHANGELOG update READMEs to have references to cluster throttle Reset calls in cluster change how options are passed around in cluster, and fix throttle CHANGELOG add a Pattern field to SubReply make DialTimeout actually use DialTimeout (requested by #53) fix bugs in cluster which prevented proper failover handling make cluster.getConn attempt to make the pool in question to better handle failover cases, also simplify moved logic a bit fix cluster test to handle the Reset throttle properly CHANGELOG refactor resp writing to not create an intermediate buffer and just write directly to the io.Writer small formatting fixes optimize flattening in resp to not create as many intermediate data structures refactor resp writing even further by making conn have a writeBuffer pre-allocated which resp simply appends to update cluster tests for newest testify code CHANGELOG CHANGELOG Victor (1): add Reply.Float64() method * github.com/gogo/protobuf (old rev 0ac967c269268f1af7d9bcc7927ccc9a589b2b36) (new rev b9e369e8ffb6773efc654ea13594566404314ee1) Anton Povarov (1): simpler and more computationally efficient solution Dwayne Schultz (4): Add checks in marshal/unmarshal for presence of required fields Improve compatibility Revert "Improve compatibility" Use import helper Georg Apitz (2): Apply @anton-povarov's patch for bitmasks for missing required fields Add test for nested NinOptNative John Tuley (11): Update artifacts from `make all` Test using `Marshal` instead of `MarshalTo` Use `proto.Marshal`/`proto.Unmarshal` Move NewRequiredNotSetError to encode_gogo.go Restore permissions on protoc-gen-gogo/main.go Remove empty lines Remove empty lines Check marshal error in requiredexamplepb_test.go Merge remote-tracking branch 'gogo/master' Add test for unmarshalling populated optional fields as required Add tests for required fields Tamir Duberstein (1): Generate errcheck-passing code Walter Schulze (4): regenerated code Merge pull request #51 from tamird/errcheck fixed errcheck for old protoc versions Merge pull request #48 from jmtuley/master * github.com/hashicorp/golang-lru (old rev 253b2dc1ca8bae42c3b5b6e53dd2eab1a7551116) (new rev 995efda3e073b6946b175ed93901d729ad47466a) Alexander Gugel (1): Add Contains, Peek Armon Dadgar (6): Merge pull request #3 from blopker/master Merge pull request #4 from mreid-moz/add_onevict Merge pull request #6 from client9/master Merge pull request #8 from sciolizer/keys-order Merge pull request #10 from alexanderGugel/has-peek Merge pull request #12 from dkumor/master Bo Lopker (1): Add RWMutex for read-only functions Daniel Kumor (2): Fixed onEvict bug for Purge Added test for onEvicted interface value Joshua Ball (1): Keys() preserves order Kyle Kelley (1): fmt.Sprintf inside panic call Mark Reid (6): Add an 'onEvict' function called when an element is removed. Export the "OnEvicted" function. Stop exposing the internals for eviction. Take a single lock to purge the cache. Purge in the correct LRU order. Call the evict function, then reset the cache. Nick Galbreath (2): change Add method to return bool on eviction gofmt cleanup Ryan Uber (1): Merge pull request #2 from rgbkrk/patch-1 * github.com/hashicorp/yamux (old rev 9feabe6854fadca1abec9cd3bd2a613fe9a34000) (new rev b2e55852ddaf823a85c67f798080eb7d08acd71d) Armon Dadgar (5): Prevent Read on a closed stream Adding NumStreams to query open stream count Prevent deadlock with closeStream race Session close waits for receive loop to terminate Adding backpressure to Open to avoid RST * github.com/howeyc/fsnotify (old rev 6b1ef893dc11e0447abda6da20a5203481878dda) (new rev 4894fe7efedeeef21891033e1cce3b23b9af7ad2) Chris Howey (1): Merge pull request #109 from missdeer/master Fan Yang (2): Update fsnotify_bsd.go Update fsnotify_open_bsd.go * github.com/huin/goupnp (old rev 223008361153d7d434c1f0ac990cd3fcae6931f5) (new rev c57ae84388ab59076fd547f1abeab71c2edb0a21) Felix Lange (1): soap: quote action names in header Huin (1): Fix CharsetReader creation. Jianfei Wang (1): support xml encoding other than utf-8 John Beisley (2): Merge branch 'fjl-soap-quote' Merge branch 'thinxer-master' * github.com/jackpal/go-nat-pmp (old rev a45aa3d54aef73b504e15eb71bea0e5565b5e6e1) (new rev 46523a463303c6ede3ddfe45bde1c7ed52ebaacd) Jack Palevich (1): Add NewClientForDefaultGateway, test of same. * github.com/jbenet/go-peerstream (old rev 8d52ed2801410a2af995b4e87660272d11c8a9a4) (new rev 675a5da7e3500d73c2edc84565d6c46b540ad1b4) Brian Tiger Chow (1): Update listener.go Juan Batiz-Benet (1): Merge pull request #7 from briantigerchow/patch-1 * github.com/kardianos/osext (old rev 8fef92e41e22a70e700a96b29f066cda30ea24ef) (new rev 6e7f843663477789fac7c02def0d0909e969b4e5) Daniel Theophanes (2): osext: do not return trailing slash in folder path. osext: state in readme that args[0] doesn't always work. * github.com/miekg/dns (old rev 82ffc45b1f84ff71bd1cebed8b210118ce3d181e) (new rev bb1103f648f811d2018d4bedcb2d4b2bce34a0f1) Alex Sergeyev (6): Issue with TLSA parsing identified Fixed SSHFP parsing when multiple lines used for text representation. Updated NSAP support according to RFC1706 Fixed reversed logic. Support for almost all possible ways to format HINFO record Added comment to commented-out testcase Mart Roosmaa (1): Use algorithm number to determine private key type. Michael Haro (3): Check that the query ID matches the answer ID. Keep Exchange as it was, but still check ID. Cleanup Client.exchange Miek Gieben (10): Merge pull request #207 from roosmaa/keyparse Merge pull request #208 from michaelharo/checkid Merge pull request #209 from michaelharo/client Merge commit '627287e675fb79f57928f77fbfae24abe15ed58b' into tlsa Playing with TLSA records Fix off-by-one on the maxTok and maxCom check Add TLSA parsing tests Check the l.err token errors Merge pull request #211 from miekg/tlsa Merge pull request #212 from asergeyev/master * github.com/syndtr/goleveldb/leveldb (old rev 4875955338b0a434238a31165cb87255ab6e9e4a) (new rev 315fcfb05d4d46d4354b313d146ef688dda272a9) Suryandaru Triandana (6): Merge pull request #106 from restlessbandit/getprop-errors leveldb: allows disabling buffer pool manualtest/dbstress: disable block cache and buffer pool by default memdb: use named constant instead of integer literal and Reset now holds lock leveldb: cleanup DB.recoverJournal(), memdb, session record and split session.go leveldb: allows open or puts DB into read-only mode (closes #107) Travis J Parker (1): uses a public API error that can be compared against for invalid property names * github.com/whyrusleeping/iptb (old rev 3970c95a864f1a40037f796ff596607ce8ae43be) (new rev fa9bbc437fae1c3a9410e7f1bc3dd02f0449279a) Jeromy (1): bootstrap addrs cant be 0.0.0.0 * golang.org/x/crypto (old rev c84e1f8e3a7e322d497cd16c0e8a13c7e127baf3) (new rev ce6bda69189e9f4ff278a5e181691cd695f753ae) Dmitry Savintsev (1): crypto/ssh: fix encoding of ssh certs with critical options Han-Wen Nienhuys (1): x/crypto/ssh: bail early if a server has no auth methods configured. Joel Sing (1): poly1305: fix compilation on arm with go tip Jungho Ahn (1): x/crypto/poly1305: add ARM assembly KB Sriram (1): x/crypto/openpgp: Limit packet recursion depth. Shenghou Ma (1): ocsp: fix test on TZ=UTC systems datianshi (1): ssh: add hmac-sha2-256. * golang.org/x/net (old rev ff8eb9a34a5cbb9941ffc6f84a19a8014c2646ad) (new rev 589db58a47224e5786650dac2677b9c302bab6c2) Dave Cheney (1): x/net/websocket: always close underlying connection on ws.Close Ian Lance Taylor (1): html/charset/testdata: update licensing info in README Mikio Hara (4): ipv4: fix build on linux/arm64 ipv6: fix build on linux/arm64 icmp: more coverage to ping test icmp: add missing attribute length check Nigel Tao (7): webdav: skip XML-related tests on Go 1.4. webdav: make properties belong to the File(System), not a PropSystem. webdav: special-case the propfind_invalid2 litmus test. webdav: delete the PropSystem and MemPS types. webdav: add StripPrefix. webdav: have copyFiles copy dead properties. webdav: let DeadPropsHolder.DeadProps return an error. Robert Stepanek (3): webdav: Add PROPPATCH support to in-memory property system. webdav: Return HTTP 404 for PROPFIND/PROPPATCH requests on an inexistent webdav.Dir resource. webdav: Simplify handling of Etag and Content-Type headers for GET, HEAD, POST and PUT requests. * gopkg.in/natefinch/lumberjack.v2 (old rev d28785c2f27cd682d872df46ccd8232843629f54) (new rev 588a21fb0fa0ebdfde42670fa214576b6f0f22df) Matt Silverlock (1): Fixed import in example test to use gopkg.in. Nate Finch (2): Merge pull request #11 from elithrar/v2.0 Fix bug #12
New: * golang.org/x/text (c93e7c9fff19fb9139b5ab04ce041833add0134e) * github.com/jackpal/gateway (192609c58b8985e645cbe82ddcb28a4362ca0fdc) Changed: * github.com/Sirupsen/logrus (old rev 26709e2714106fb8ad40b773b711ebce25b78914) (new rev 6ba91e24c498b49d0363c723e9e2ab2b5b8fd012) Alexander F Rødseth (1): Terminals on Windows may not have colors Antoine Grondin (1): default logs to stderr Dotan J. Nahum (1): logrus_syslog / syslog - example should now be valid Madhav Puri (2): Fix Fatalf() and Fatalln() to exit irrespective of log level Fix Fatal*() function of logger to match the behavior of Fatal*() functions of entry Matthew Baird (1): proper use of TextFormatter in documentation Philip Allen (4): Added Raygun hook. Moving raygun hook to its own repositiroy at github.com/squirkle/logrus-raygun-hook Merge branch 'master' of https://github.com/Sirupsen/logrus removing raygun hook from hooks dir, adding reference in hooks table of main README.md Simon Eskildsen (12): Merge pull request #170 from aybabtme/log-to-stderr Merge pull request #177 from xyproto/master Merge pull request #178 from mattbaird/patch-1 Merge pull request #168 from squirkle/master Merge pull request #183 from evalphobia/feature/sentry-http-request formatter/json: fix possible race version: bump to 0.8 Merge pull request #187 from mapuri/master version: bump to 0.8.1 Merge pull request #188 from mapuri/master version: 0.8.2 Merge pull request #189 from jondot/patch-1 evalphobia (1): Added special field for *http.Request to Sentry hook * github.com/cenkalti/backoff (old rev 9831e1e25c874e0a0601b6dc43641071414eec7a) (new rev 6c45d6bc1e78d94431dff8fc28a99f20bafa355a) Cenk Alti (1): fix #14 * github.com/cheggaaa/pb (old rev e8c7cc515bfde3e267957a3b110080ceed51354e) (new rev d7729fd7ec1372c15b83db39834bf842bf2d69fb) Andrew Sutherland (4): just return ourselves on chainable methods use channel to trigger isFinished make units type safe dont panic on multiple Finish calls Andrey Smirnov (1): Fix the data race on pb.isFinish member. Frederick F. Kautz IV (1): Running gofmt, no semantic changes. Fábio Gomes (1): Adds Set64 func to set the current value as int64 Sergey Cherepanov (8): netbsd support Merge pull request #34 from smira/master Merge pull request #35 from nixxquality/patch-1 Merge pull request #36 from fkautz/pr_out_running_gofmt_no_semantic_changes Merge pull request #37 from drewis/forupstream Merge pull request #38 from monde-sistemas/master correct speed when start value not 0 return object for a chain calling nixxquality (1): Fix typo * github.com/crowdmob/goamz/aws (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/crowdmob/goamz/s3 (old rev 82345796204222aa56be89cf930c316b1297f906) (new rev 3a06871fe9fc0281ca90f3a7d97258d042ed64c0) Adrien Bustany (2): s3: Retry on url.Error too s3test: Implement MultiDel support Ali Moeeny (4): Merge pull request #324 from abustany/s3-retry-url-error Merge pull request #329 from richarddbarnett/master Merge pull request #330 from abustany/s3test-multidel Merge pull request #331 from AndreyKostov/master Andrey Kostov (1): Fix signed urls for s3 with v4 auth and IAM roles Matthew Moore (1): Update README.md Richard Barnett (1): Add Kinesis endpoint for us-west-1 * github.com/fd/go-nat (old rev 50e7633d5f27d81490026a13e5b92d2e42d8c6bb) (new rev dcaf50131e4810440bed2cbb6f7f32c4f4cc95dd) Simon Menke (1): Using github.com/jackpal/gateway to discover NAT-PMP/PCP gateways * github.com/fzzy/radix/redis (old rev 27a863cdffdb0998d13e1e11992b18489aeeaa25) (new rev 031cc11e9800a2626ee2ae629655a922b630a07d) Brian Picciano (19): make cluster package thread-safe CHANGELOG update READMEs to have references to cluster throttle Reset calls in cluster change how options are passed around in cluster, and fix throttle CHANGELOG add a Pattern field to SubReply make DialTimeout actually use DialTimeout (requested by #53) fix bugs in cluster which prevented proper failover handling make cluster.getConn attempt to make the pool in question to better handle failover cases, also simplify moved logic a bit fix cluster test to handle the Reset throttle properly CHANGELOG refactor resp writing to not create an intermediate buffer and just write directly to the io.Writer small formatting fixes optimize flattening in resp to not create as many intermediate data structures refactor resp writing even further by making conn have a writeBuffer pre-allocated which resp simply appends to update cluster tests for newest testify code CHANGELOG CHANGELOG Victor (1): add Reply.Float64() method * github.com/gogo/protobuf (old rev 0ac967c269268f1af7d9bcc7927ccc9a589b2b36) (new rev b9e369e8ffb6773efc654ea13594566404314ee1) Anton Povarov (1): simpler and more computationally efficient solution Dwayne Schultz (4): Add checks in marshal/unmarshal for presence of required fields Improve compatibility Revert "Improve compatibility" Use import helper Georg Apitz (2): Apply @anton-povarov's patch for bitmasks for missing required fields Add test for nested NinOptNative John Tuley (11): Update artifacts from `make all` Test using `Marshal` instead of `MarshalTo` Use `proto.Marshal`/`proto.Unmarshal` Move NewRequiredNotSetError to encode_gogo.go Restore permissions on protoc-gen-gogo/main.go Remove empty lines Remove empty lines Check marshal error in requiredexamplepb_test.go Merge remote-tracking branch 'gogo/master' Add test for unmarshalling populated optional fields as required Add tests for required fields Tamir Duberstein (1): Generate errcheck-passing code Walter Schulze (4): regenerated code Merge pull request #51 from tamird/errcheck fixed errcheck for old protoc versions Merge pull request #48 from jmtuley/master * github.com/hashicorp/golang-lru (old rev 253b2dc1ca8bae42c3b5b6e53dd2eab1a7551116) (new rev 995efda3e073b6946b175ed93901d729ad47466a) Alexander Gugel (1): Add Contains, Peek Armon Dadgar (6): Merge pull request #3 from blopker/master Merge pull request #4 from mreid-moz/add_onevict Merge pull request #6 from client9/master Merge pull request #8 from sciolizer/keys-order Merge pull request #10 from alexanderGugel/has-peek Merge pull request #12 from dkumor/master Bo Lopker (1): Add RWMutex for read-only functions Daniel Kumor (2): Fixed onEvict bug for Purge Added test for onEvicted interface value Joshua Ball (1): Keys() preserves order Kyle Kelley (1): fmt.Sprintf inside panic call Mark Reid (6): Add an 'onEvict' function called when an element is removed. Export the "OnEvicted" function. Stop exposing the internals for eviction. Take a single lock to purge the cache. Purge in the correct LRU order. Call the evict function, then reset the cache. Nick Galbreath (2): change Add method to return bool on eviction gofmt cleanup Ryan Uber (1): Merge pull request #2 from rgbkrk/patch-1 * github.com/hashicorp/yamux (old rev 9feabe6854fadca1abec9cd3bd2a613fe9a34000) (new rev b2e55852ddaf823a85c67f798080eb7d08acd71d) Armon Dadgar (5): Prevent Read on a closed stream Adding NumStreams to query open stream count Prevent deadlock with closeStream race Session close waits for receive loop to terminate Adding backpressure to Open to avoid RST * github.com/howeyc/fsnotify (old rev 6b1ef893dc11e0447abda6da20a5203481878dda) (new rev 4894fe7efedeeef21891033e1cce3b23b9af7ad2) Chris Howey (1): Merge pull request #109 from missdeer/master Fan Yang (2): Update fsnotify_bsd.go Update fsnotify_open_bsd.go * github.com/huin/goupnp (old rev 223008361153d7d434c1f0ac990cd3fcae6931f5) (new rev c57ae84388ab59076fd547f1abeab71c2edb0a21) Felix Lange (1): soap: quote action names in header Huin (1): Fix CharsetReader creation. Jianfei Wang (1): support xml encoding other than utf-8 John Beisley (2): Merge branch 'fjl-soap-quote' Merge branch 'thinxer-master' * github.com/jackpal/go-nat-pmp (old rev a45aa3d54aef73b504e15eb71bea0e5565b5e6e1) (new rev 46523a463303c6ede3ddfe45bde1c7ed52ebaacd) Jack Palevich (1): Add NewClientForDefaultGateway, test of same. * github.com/jbenet/go-peerstream (old rev 8d52ed2801410a2af995b4e87660272d11c8a9a4) (new rev 675a5da7e3500d73c2edc84565d6c46b540ad1b4) Brian Tiger Chow (1): Update listener.go Juan Batiz-Benet (1): Merge pull request #7 from briantigerchow/patch-1 * github.com/kardianos/osext (old rev 8fef92e41e22a70e700a96b29f066cda30ea24ef) (new rev 6e7f843663477789fac7c02def0d0909e969b4e5) Daniel Theophanes (2): osext: do not return trailing slash in folder path. osext: state in readme that args[0] doesn't always work. * github.com/miekg/dns (old rev 82ffc45b1f84ff71bd1cebed8b210118ce3d181e) (new rev bb1103f648f811d2018d4bedcb2d4b2bce34a0f1) Alex Sergeyev (6): Issue with TLSA parsing identified Fixed SSHFP parsing when multiple lines used for text representation. Updated NSAP support according to RFC1706 Fixed reversed logic. Support for almost all possible ways to format HINFO record Added comment to commented-out testcase Mart Roosmaa (1): Use algorithm number to determine private key type. Michael Haro (3): Check that the query ID matches the answer ID. Keep Exchange as it was, but still check ID. Cleanup Client.exchange Miek Gieben (10): Merge pull request #207 from roosmaa/keyparse Merge pull request #208 from michaelharo/checkid Merge pull request #209 from michaelharo/client Merge commit '627287e675fb79f57928f77fbfae24abe15ed58b' into tlsa Playing with TLSA records Fix off-by-one on the maxTok and maxCom check Add TLSA parsing tests Check the l.err token errors Merge pull request #211 from miekg/tlsa Merge pull request #212 from asergeyev/master * github.com/syndtr/goleveldb/leveldb (old rev 4875955338b0a434238a31165cb87255ab6e9e4a) (new rev 315fcfb05d4d46d4354b313d146ef688dda272a9) Suryandaru Triandana (6): Merge pull request #106 from restlessbandit/getprop-errors leveldb: allows disabling buffer pool manualtest/dbstress: disable block cache and buffer pool by default memdb: use named constant instead of integer literal and Reset now holds lock leveldb: cleanup DB.recoverJournal(), memdb, session record and split session.go leveldb: allows open or puts DB into read-only mode (closes #107) Travis J Parker (1): uses a public API error that can be compared against for invalid property names * github.com/whyrusleeping/iptb (old rev 3970c95a864f1a40037f796ff596607ce8ae43be) (new rev fa9bbc437fae1c3a9410e7f1bc3dd02f0449279a) Jeromy (1): bootstrap addrs cant be 0.0.0.0 * golang.org/x/crypto (old rev c84e1f8e3a7e322d497cd16c0e8a13c7e127baf3) (new rev ce6bda69189e9f4ff278a5e181691cd695f753ae) Dmitry Savintsev (1): crypto/ssh: fix encoding of ssh certs with critical options Han-Wen Nienhuys (1): x/crypto/ssh: bail early if a server has no auth methods configured. Joel Sing (1): poly1305: fix compilation on arm with go tip Jungho Ahn (1): x/crypto/poly1305: add ARM assembly KB Sriram (1): x/crypto/openpgp: Limit packet recursion depth. Shenghou Ma (1): ocsp: fix test on TZ=UTC systems datianshi (1): ssh: add hmac-sha2-256. * golang.org/x/net (old rev ff8eb9a34a5cbb9941ffc6f84a19a8014c2646ad) (new rev 589db58a47224e5786650dac2677b9c302bab6c2) Dave Cheney (1): x/net/websocket: always close underlying connection on ws.Close Ian Lance Taylor (1): html/charset/testdata: update licensing info in README Mikio Hara (4): ipv4: fix build on linux/arm64 ipv6: fix build on linux/arm64 icmp: more coverage to ping test icmp: add missing attribute length check Nigel Tao (7): webdav: skip XML-related tests on Go 1.4. webdav: make properties belong to the File(System), not a PropSystem. webdav: special-case the propfind_invalid2 litmus test. webdav: delete the PropSystem and MemPS types. webdav: add StripPrefix. webdav: have copyFiles copy dead properties. webdav: let DeadPropsHolder.DeadProps return an error. Robert Stepanek (3): webdav: Add PROPPATCH support to in-memory property system. webdav: Return HTTP 404 for PROPFIND/PROPPATCH requests on an inexistent webdav.Dir resource. webdav: Simplify handling of Etag and Content-Type headers for GET, HEAD, POST and PUT requests. * gopkg.in/natefinch/lumberjack.v2 (old rev d28785c2f27cd682d872df46ccd8232843629f54) (new rev 588a21fb0fa0ebdfde42670fa214576b6f0f22df) Matt Silverlock (1): Fixed import in example test to use gopkg.in. Nate Finch (2): Merge pull request #11 from elithrar/v2.0 Fix bug #12
log spanID info to json output
update cid package through tree
Closes: ipfs#6284 Add appropriate IPv6 ranges to defaultServerFilters
Closes: ipfs#6284 Add appropriate IPv6 ranges to defaultServerFilters
Closes: ipfs#6284 Add appropriate IPv6 ranges to defaultServerFilters
Closes: ipfs#6284 Add appropriate IPv6 ranges to defaultServerFilters
fix some performance regressions when reading protobuf nodes
Proposed solution as a simple, secure, and modular transport layer.
Uses peer keys for signing only (which they probably should be restricted to), and a shared key is derived through ECDH. Provides forward secrecy, data secrecy, data integrity, and mutual authentication. Borrows the idea of cipher suites/negotiation from TLS for modularity.
Protocol:
Step 1: Hello = (Random, MultiPublicKey, Supported Algorithms)
Step 2: Exchange = (EECDH Public Key, Sig(Hello1 || Hello2 || EECDH Public Key))
Step 3: Finish = E("Finish")
Atm, it hasn't been integrated with the rest of the code base yet.
Peer review/suggestions welcome, as always.