> Like certificates? For the pre-shared-key is this would be a user supplied string, for example like 5 people want to form an adhoc chat network on a public wifi. You would all share a string and you need that to create the network.
I could also see using PKI as a basis as well. For example only network with people trusted by this CA . > I wouldn't recommend coming up with a guaranteed delivery UDP service Not a guaranteed UDP service. The current code open and closes a socket each message, an argument to the URI or a separate gossip:udp_persistent could signify that. > I would caution against prescribing tomcat/jetty/spring-boot/etc for the transport Understood. This is not to say anything is required for the transport they would all be an alternative transport to UDP. My goal here is not to make a heavy weight web app. But if you looking at gossip and what it does now. It is a stateless UDP messages send back and forth. In today's internet world HTTP is ubiquitous. If we change UDP to TCP/HTTP and change "JSON on a UDP packet" into "JSON in an HTTP get request". I can see this being very easy for any popular web programming language to adopt. For example, imagine a URI like gossip:http://host;tls=true, the server would need cgi/servlet/php/whatever to respond to the inbound requests and the ability to run a thread to make outbound requests. My thinking is if every modern web framework that would be great for adoption. I am thinking we can work with a project like https://github.com/bpot/node-gossip Does that make sense? On Tue, May 17, 2016 at 10:44 AM, Gary Dusbabek <[email protected]> wrote: > On Mon, May 16, 2016 at 5:46 PM, Edward Capriolo <[email protected]> > wrote: > > > Hello all, > > > > There are two connection related items in the proposal ( > > https://wiki.apache.org/incubator/GossipProposal) > > > > - Explore HTTP transport as an alternative to UDP > > - Secure communications > > - Transport security using a pre-shared key > > > > Like certificates? > > > > - Public Key Infrastructure > > > > Currently the message sent over the wire sends two connection related > > parameters host and port. Each time a message is send a UDP connection is > > established. Also one interesting bit is that the messages do not have an > > ACK, the active gossip thread picks a partner and sends a message. > > > > My thinking is we would like a few things > > 1) a UDP service that keeps connections alive or TCP? > > > > I wouldn't recommend coming up with a guaranteed delivery UDP service (part > of what TCP is). But I think the idea of a UDP endpoint for receiving > updates is great. > > > > 2) an http service (Ie run gossip as a tomcat/jetty webapp) > > > > I would caution against prescribing tomcat/jetty/spring-boot/etc for the > transport. I think ppl will want to be able to take apache-gossip and embed > them in their own applications that may depend on frameworks. It may be > better to do what over projects to and have modules, e.g.: gossip-core, > gossip-tomcat, gossip-spring-boot, gossip-thrift (yeah, I know), etc. > > > > 3) Encryption > > > > I think an interesting way to go about this would be URI's that will give > > us more flexibility than (host, port) > > > > gossip:udp://host:port > > gossip:tcp://host:port > > gossip:http://host:port > > > > I believe now that protocols like http(S) are out of favor vs start TLS. > > > > That could be something like > > > > gossip:http://host:port;tls=true > > > > I'm fine with this. It's semantics at this point. > > Gary. >
