Authentication of clients

[mkind]

The initiate_packet of the crypto handshake contains the long term public key of the plugin that wants to connect. This key should be checked against a list of white listed plugins. There should be a way to allow arbitrary connections (effectively disabling authentication).

Proposal

The white listing can be done via file structure. There is a directory that contains sub directories with the white listed and black listed plugin public keys.

plugins
   |-- whitelisting
          |-- plugin1.pub
          |-- plugin2.pub
   |-- blacklisting
          |-- plugin3.pub

The keys are hold in memory so reading files is only needed at start or by manually triggering an update.

The directory containing the corresponding keys should be given in .boxrc file. In the above example the entry might be pluginkeydir /path/to/plugins.

[mkind]

I discussed different approaches with @stze. We going to white- or blacklist clients via the configuration file since it is more common and because we can use the existing config parser.