Is it possible to use ockam for auth without encryption #4060
Replies: 1 comment
-
|
👋 Yes it's possible but we don't currently have an implementation for it. Adding it would take a little bit of work. Ockam Secure Channels have 2 phases -
We currently use AEAD_AES_128_GCM in the data phase - this gives the channel data authenticity, integrity and confidentiality guarantees. However if we instead use the shared secret to calculate a MAC (message authentication code) we would get a channel that only guarantees data authenticity and integrity. This will need some careful design but is possible. This is on our roadmap, but low in priority. If someone on the community would be like to work on this. We would be very happy to help along the way. I'd also love to learn more about your exact use case and threat model. This would be very helpful input to the design. Would you be open to sharing it here or over email? - Thank you, |
Beta Was this translation helpful? Give feedback.
-
With support of unix domain sockets it would make sense to look at ockam as an IPC for embedded systems. From what I have found so far credentials are tied to secure channels which imply encryption.
In order to reduce latency and cpu usage for IPC between services on the same system is it possible create secure channels without encryption?
Beta Was this translation helpful? Give feedback.
All reactions