Thank you, this is very cool and helpful

Tue, Oct 22, 2024 at 23:51, Jason E. Aten <j.e.a...@gmail.com>:
>
> I wrote this RPC package recently:
>
> https://github.com/glycerine/rpc25519
>
> `rpc25519` is a fun little RPC package that I cooked up to get comfortable
> with modern (Ed25519) rather than antiquated (RSA) crypto primitives.
>
> Along the way I made a very helpful tool called `selfy`. It makes generating
> self-signed certificate authorities and self-signed ed25519 keys easy.
> Importantly, these certs will work on any host. So you don't have to buy a
> domain name to deploy certs or this RPC system.
>
> Other cool things I discovered:
>
> 1) quic-go QUIC can get way, way more throughput than Go's TLS stack for
> lots of short messages and new connects. Holy cow, it's not even close.
> TLS over TCP will start dragging after 100 connections in a few seconds,
> but QUIC just surges through. Big kudos to the QUIC designers and the
> quic-go implementers.
> https://github.com/quic-go/quic-go
>
> 2) QUIC is also super fun because it's easy to share a single UDP port for
> your client and server. This can make traversing NATs easier. The rpc25519
> package does this by default, so it's pretty easy to set up by copying what
> it is doing. See quic_server.go and quic_client.go
>
> 2.5) The only sadness to QUIC is on VPNs over IPv6. See the README for
> notes/cautions on this. It's nuts to me to realize that global IPv6
> networks can be so poorly set up.
>
> 3) Setting up symmetric pre-shared keys for post-quantum safety is not that
> hard. Inspired by WireGuard, optionally, inside TLS, I have rpc25519 do a
> quick Diffie-Hellman handshake then mix in the pre-shared key for forward
> secrecy over each connection. It is actually very little code. symmetric.go
> has it. The embedded systems guys who need pre-shared key support may find
> this a good starting point. TLS is an awesome beast but still a beast
> sometimes in small places.
>
> 4) The frozen net/rpc standard lib package is such a tight design. I really
> enjoyed reading its code. Since it's frozen, it's probably not a great idea
> to build on it directly, so I decided to reproduce its interface. I glued
> the top layer on as a second API option, and it's kind of fun to work with.
> I also added context.Context optionally to the server's up-calls so you can
> query your net.Conn and figure out who you are talking to / get other
> metadata. All in all, kind of delightful.
>
> Feedback welcome.
>
> Enjoy,
>
> Jason
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/bf4411bd-c236-4ef3-8b36-35310478384en%40googlegroups.com.
--
Vasiliy Tolstov,
e-mail: v.tols...@selfip.ru

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CACaajQuddzW9VRMwEt7LfLAXeLPFou271JejvNOg6pmgFkphMA%40mail.gmail.com.
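Item 3 of the quoted post (an ephemeral Diffie-Hellman exchange per connection with a long-lived pre-shared key mixed into the result) is worth seeing in code. The block below is an added example written for this page; it is not rpc25519's symmetric.go and makes no claim about how that file is structured. It assumes X25519 from the standard library's crypto/ecdh, a small HKDF-SHA256 written on crypto/hmac so nothing outside the standard library is needed, and the names `Party`, `Handshake`, `hkdf32` and the info label `example-rpc-session-key-v1`, all of which are this example's own choices. The PSK is used as the HKDF salt and the ECDH output as the input keying material, so the session key depends on both: an adversary who later breaks X25519 still lacks the PSK, and an adversary who learns the PSK still lacks the ephemeral secrets of past sessions.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// hkdf32 is a minimal HKDF-SHA256 (RFC 5869: extract, then a single expand
// block), built on crypto/hmac so this example needs nothing outside the
// standard library. It returns a 32-byte key.
func hkdf32(salt, ikm, info []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	prk := extract.Sum(nil)

	expand := hmac.New(sha256.New, prk)
	expand.Write(info)
	expand.Write([]byte{0x01}) // HKDF block counter for T(1)
	return expand.Sum(nil)
}

// Party is one side of a single connection holding an ephemeral X25519 key.
// Generating a fresh Party per connection is what gives forward secrecy.
type Party struct {
	priv *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicBytes is the 32-byte X25519 public key sent to the peer in the clear.
func (p *Party) PublicBytes() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey derives the per-connection symmetric key from the ECDH shared
// secret and the long-lived PSK. transcript binds the key to this exchange
// (here: client public key || server public key, in that fixed order), so the
// same PSK and the same peer key on a different exchange give a different key.
func (p *Party) SessionKey(peerPub, psk, transcript []byte) ([]byte, error) {
	if len(psk) < 32 {
		return nil, errors.New("psk must be at least 32 bytes")
	}
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	// crypto/ecdh returns an error for X25519 when the shared secret would be
	// the all-zero value (a low-order peer point), so that case is rejected here.
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	// PSK as salt, ECDH output as input keying material (label is this example's own).
	info := append([]byte("example-rpc-session-key-v1"), transcript...)
	return hkdf32(psk, shared, info), nil
}

// Handshake runs both sides in-process and returns the key each side derived.
// In a real deployment the two PublicBytes values are what cross the wire.
func Handshake(psk []byte) (clientKey, serverKey []byte, err error) {
	client, err := NewParty()
	if err != nil {
		return nil, nil, err
	}
	server, err := NewParty()
	if err != nil {
		return nil, nil, err
	}
	cpub, spub := client.PublicBytes(), server.PublicBytes()
	transcript := append(append([]byte{}, cpub...), spub...)

	if clientKey, err = client.SessionKey(spub, psk, transcript); err != nil {
		return nil, nil, err
	}
	if serverKey, err = server.SessionKey(cpub, psk, transcript); err != nil {
		return nil, nil, err
	}
	return clientKey, serverKey, nil
}

func main() {
	// Constructed sample PSK for the demo; in practice generate 32 random bytes
	// once and distribute them out of band.
	psk := bytes.Repeat([]byte{0x42}, 32)
	ck, sk, err := Handshake(psk)
	if err != nil {
		panic(err)
	}
	fmt.Println("client key:", hex.EncodeToString(ck))
	fmt.Println("server key:", hex.EncodeToString(sk))
	fmt.Println("keys match:", bytes.Equal(ck, sk))
}
```

Two things this sketch deliberately leaves out. It derives a key but does not authenticate either side: in the quoted post the exchange runs inside TLS, which supplies that; outside TLS you would add a key-confirmation MAC keyed from the derived key so that a peer without the PSK is detected before any data is sent. And it produces one key for both directions; a real protocol derives separate send and receive keys (and nonces) from the same HKDF output so that traffic in the two directions never shares a key stream.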