Node identity management

(Quiark) #1


I know that each node has its keypair and a name in the Party object. These are collected in the NetworkMap.

My question is that for a more secure deployment, is there a mechanism to approve the creation of keypair-name mapping? We don’t want random nodes claiming they are someone they are not (and assigning their key pair to them). In principle, there would have to be one or more trusted party that signs the keypair-name mapping, just like CAs sign HTTPS certificates today.

I also know that the TLS connection cert must match the Party name but that is IMHO not strong enough (in case nodes are not connected directly or TLS is misconfigured). Also it leaves no record in the ledger on who signed the keypair-name association at which point in time. Any plans to implement this or suggestions what would be a reasonable custom design?


(Roger Willis) #2

Hi Quiark,

In a production deployment there will be a doorman/CA which signs certificates (generated by Corda nodes). As nodes communicate over TLS, all nodes would require a cert to send messages across the network. Names are now X500 names - we are using standard PKIX infrastructure as far as I’m aware. Any other comments @rnicoll ?


(Kwan) #3

Hi there,

Corda doc states that R3 is going to provide the doorman service in near future. What are the considerations I need to take in place to use R3 doorman or implement my own in production? Thanks.