So a while back I had a few features in mind, most of which required devices knowing each other’s public keys for the purpose of encrypting secrets to each other without having been connected. Currently there is really no way to know that ahead of time.
We have the key available in the discovery server, so I was thinking of adding support for the discovery server to store that, and returning it during discovery lookup (or it could be a separate endpoint).
The devices would then store that value locally (or store it on connection if they don’t get it via discovery), so if it was a separate endpoint it would only be called once.
I don’t have a concrete feature in mind, but I think this would be generally useful to have, as it allows crafting messages only readable by the destination.
A few things where this might be useful:
- Some sort of side-channel for the future folder password sharing? If I know I want to share folder X with device D and allow it to decrypt it, I could have a blob that is encrypted with D’s public key that only D can read, holding the details. I guess the same could be done with encrypting it with a passphrase that both sides know, but just thinking out loud here.
- This could be useful for encrypted discovery (yet it does not work for bootstrapping, as you can’t encrypt addresses for devices that you don’t know that want to talk to you).
- Something something, trusted token for auto-accepting remote devices or something? I guess this can just be a passphrase and doesn’t really need to be something that is public key encrypted, but I guess going from a small token to a device + folder + proof combo is more interesting.
General feeling about this?