I wrote this RPC package recently: https://github.com/glycerine/rpc25519
`rpc25519` is a fun little RPC package that I cooked up to get comfortable with modern (Ed25519) rather than antiquated (RSA) crypto primitives.

Along the way I made a very helpful tool called `selfy`. It makes generating self-signed certificate authorities and self-signed ed25519 keys easy. Importantly, these certs will work on any host. So you don't have to buy a domain name to deploy certs or this RPC system.

Other cool things I discovered:

1) quic-go QUIC can get way, way more throughput than Go's TLS stack for lots of short messages and new connects. Holy cow, it's not even close. TLS over TCP will start dragging after 100 connections in a few seconds, but QUIC just surges through. Big kudos to the QUIC designers and the quic-go implementers. https://github.com/quic-go/quic-go

2) QUIC is also super fun because it's easy to share a single UDP port for your client and server. This can make traversing NATs easier. The rpc25519 package does this by default, so it's pretty easy to set up by copying what it is doing. See quic_server.go and quic_client.go

2.5) The only sadness to QUIC is on VPNs over IPv6. See the README for notes/cautions on this. It's nuts to me to realize that global IPv6 networks can be so poorly set up.

3) Setting up symmetric pre-shared keys for post-quantum safety is not that hard. Inspired by WireGuard, optionally, inside TLS, I have rpc25519 do a quick Diffie-Hellman handshake then mix in the pre-shared key for forward secrecy over each connection. It is actually very little code. symmetric.go has it. The embedded systems guys who need pre-shared key support may find this a good starting point. TLS is an awesome beast but still a beast sometimes in small places.

4) The frozen net/rpc standard lib package is such a tight design. I really enjoyed reading its code. Since it's frozen, it is probably not a great idea to build on it directly, so I decided to reproduce its interface.
I glued the top layer on as a second API option, and it's kind of fun to work with. I also added context.Context optionally to the server's up-calls so you can query your net.Conn and figure out who you are talking to / get other metadata.

All in all, kind of delightful. Feedback welcome.

Enjoy,
Jason
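The idea in point 3 (an ephemeral Diffie-Hellman exchange with a pre-shared key mixed into the result) can be sketched with the Go standard library alone. This is an added example, not code from rpc25519's symmetric.go or from the author: the HKDF-style construction, the `psk-mix-example` label, and the names `SessionKey` and `Handshake` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hmacSum returns HMAC-SHA256(key, data).
func hmacSum(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// SessionKey (hypothetical helper) mixes the ephemeral X25519 shared secret
// with the PSK, HKDF-style (RFC 5869): extract with the PSK as salt, then
// expand one block bound to both ephemeral public keys.
func SessionKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, psk, cPub, sPub []byte) ([]byte, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	prk := hmacSum(psk, shared) // the key now depends on the DH secret AND the PSK
	info := append(append([]byte("psk-mix-example"), cPub...), sPub...)
	return hmacSum(prk, append(info, 0x01)), nil
}

// Handshake (hypothetical) runs both sides in-process with fresh ephemeral
// keys and returns the client's and the server's derived session keys.
func Handshake(clientPSK, serverPSK []byte) (ck, sk []byte, err error) {
	c, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	s, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	cp, sp := c.PublicKey().Bytes(), s.PublicKey().Bytes()
	if ck, err = SessionKey(c, s.PublicKey(), clientPSK, cp, sp); err != nil {
		return nil, nil, err
	}
	sk, err = SessionKey(s, c.PublicKey(), serverPSK, cp, sp)
	return ck, sk, err
}

func main() {
	psk := bytes.Repeat([]byte{0x42}, 32) // constructed sample PSK, not a real key
	ck, sk, err := Handshake(psk, psk)
	fmt.Println("keys match:", err == nil && bytes.Equal(ck, sk))
}
```

Because the ephemeral keys are generated per connection, each handshake yields a different session key, and a peer holding the wrong PSK derives a key that does not match.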