File synchronization java
8/3/2023

For example, Let’s Encrypt requires that you can write a file at a specific location, or the Amazon Certificate Manager requires that you add a CNAME record to the domain. How can Syncthing use TLS without all these complications?

The browser trusts only a few root certificates, not the ones provided by the website. There is a chain of trust here: a certificate signed by a trusted root becomes trusted too. Then another certificate is signed by this trusted one, and so on. If the website can provide a chain of certificates that reaches a trusted root, the browser will trust the connection. You need to verify domain ownership to get a valid certificate from the issuer. The web works this way because it’s not realistic to add the certificates of websites manually to the trusted set.

Syncthing generates a public-private key pair when you install it. The Device ID that you need to connect two peers is generated from the public key. Syncthing doesn’t need to prove ownership to a trusted third party because trust in the other end is established by this exchange of Device IDs. This solves the authentication part of the encryption.
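The Device ID exchange described above amounts to certificate pinning, sketched here as an added example that is not code from the original page or from Syncthing. It assumes Syncthing's documented ID format (SHA-256 of the DER certificate that carries the public key, base32, grouped with check characters); the check-character routine, the function names and the sample certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # RFC 4648 base32

def luhn32(block: str) -> str:
    """Check character for a 13-char block (assumed left-to-right Luhn mod 32)."""
    factor, total = 1, 0
    for ch in block:
        addend = factor * ALPHABET.index(ch)
        factor = 2 if factor == 1 else 1
        total += addend // 32 + addend % 32
    return ALPHABET[(32 - total % 32) % 32]

def group(chars: str) -> str:
    return "-".join(chars[i:i + 7] for i in range(0, len(chars), 7))

def device_id(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes, base32, one check char per 13 chars."""
    raw = base64.b32encode(hashlib.sha256(cert_der).digest()).decode().rstrip("=")
    return group("".join(raw[i:i + 13] + luhn32(raw[i:i + 13]) for i in range(0, 52, 13)))

def parse_device_id(text: str) -> str:
    """Normalise an ID a user typed or pasted; reject typos via the check chars."""
    s = text.upper().replace("-", "").replace(" ", "")
    if len(s) != 56 or any(c not in ALPHABET for c in s):
        raise ValueError("not a 56-character base32 device ID")
    for i in range(0, 56, 14):
        if luhn32(s[i:i + 13]) != s[i + 13]:
            raise ValueError("check character mismatch")
    return group(s)

def peer_is_trusted(presented_cert_der: bytes, trusted_ids: set) -> bool:
    """Pinning: accept only if the presented certificate hashes to a stored ID.
    No CA chain, hostname or domain-ownership check is involved."""
    presented = device_id(presented_cert_der)
    return any(hmac.compare_digest(presented, t) for t in trusted_ids)

# Constructed stand-ins for two peers' DER certificates (not real certificates).
CERT_A = b"constructed-der-bytes-peer-A"
CERT_B = b"constructed-der-bytes-peer-B"

if __name__ == "__main__":
    trusted = {parse_device_id(device_id(CERT_A))}
    print(device_id(CERT_A), peer_is_trusted(CERT_A, trusted))
    print(device_id(CERT_B), peer_is_trusted(CERT_B, trusted))
```

In a real connection the TLS handshake still proves that the peer holds the private key for the certificate it presents; the comparison against the stored Device ID only replaces the chain validation a browser would do.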