Skip to content

add PKI uplink and downlink options #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 20 commits into from
Closed

add PKI uplink and downlink options #550

wants to merge 20 commits into from

Conversation

jp-bennett
Copy link
Contributor

Seems like we'll want the switches to control PKI uplink and downlink via MQTT

ianmcorvidae and others added 20 commits August 6, 2024 17:17
@ianmcorvidae
dos2unix telemetry.proto
2b87e57
@thebentern
Short turbo preset
c1b0e1e
@ianmcorvidae
Add optional keywords to stuff that can be "truly zero" within mesh…
020140c 
… packet payloads
@jp-bennett
Adds public_key and private_key for PKI
d55be9e 
co-authored-by: edinnen
@jp-bennett
Add the key used to PKI decrypt to MeshPacket
905d712
@jp-bennett
Re-org some settings into a new SecurityConfig proto
1e1c4d9
@jp-bennett
Also move device_logging_enabled from bluetooth to SecurityConfig
951cca0
@jp-bennett
Add SecurityConfig to Localonly
1696cdf
@jp-bennett
Add admin_channel_enabled to the security config
f5a12c0
@jp-bennett
No default for you, Proto3
81fd9d3
@thebentern
Merge pull request #544 from meshtastic/turbo-preset
19bd2d0 
Short turbo preset
@thebentern
Add client notification fromradio message
4d9da7a
@thebentern
Merge pull request #545 from ianmcorvidae/optional-properties
bd9b1ab 
Optional properties
@garthvh
Update config.proto
4e58f9e 
Update comments to match discord conversation
@garthvh
Update config.proto
b332e07 
update api name
@thebentern
Merge pull request #542 from meshtastic/pki
6af957d 
Adds public_key and private_key for PKI
@thebentern
Merge pull request #546 from meshtastic/client-notification
c112ce6 
Add client notification fromradio message
@thebentern
Merge remote-tracking branch 'origin/master' into 2.5
f5e8424
@jp-bennett
Add SECURITY_CONFIG to admin.proto (#547)
66eb318
@jp-bennett
add PKI uplink and downlink options
9f02bf7 
Addresses #4428
@GUVWAF
Copy link
Member

GUVWAF commented Aug 11, 2024

There's already an "encryption_enabled" setting in the MQTT config. Can't we follow that?

@jp-bennett
Copy link
Contributor Author

There's already an "encryption_enabled" setting in the MQTT config. Can't we follow that?

We're treating PKI as a separate channel, so this setting follows the per-channel MQTT settings. I'm not sure how exactly that would map to encryption_enabled.

@GUVWAF
Copy link
Member

GUVWAF commented Aug 11, 2024
edited
Loading

"encryption_enabled" applies to all packets sent to the MQTT server, no matter which channel. I think we can just follow the same logic for PKI?

@ianmcorvidae
Copy link
Contributor

I believe these new settings aren't for whether the uploaded packets are encrypted or not (with PKI they always are), it's for whether they're uplinked/downlinked to/from MQTT at all. Since the new PKI DMs use different keys, they're effectively "channel-less", so these options are the equivalent of the "uplink enabled" and "downlink enabled" that's on each channel, but for these new messages instead.

@ianmcorvidae
Copy link
Contributor

(or to put it more simply, maybe: if we followed encryption_enabled, then you would be unable to have both encrypted channel messages uplinked & PKI DMs not uplinked; you also wouldn't be able to have PKI messages uplink-only or downlink-only)

@GUVWAF
Copy link
Member

GUVWAF commented Aug 12, 2024

Summary of my points on Discord: currently we also don't have granular settings for uplinking/downlinking DMs and I believe this will be confusing because when you discover a node, you expect you can also DM it.
So if we want to reproduce the current behavior, we would need to uplink/downlink DMs that would otherwise have been sent over a channel we have uplink/downlink enabled. To avoid uplinking/downlinking every DM in an MQTT root topic, I think the best we can do is to check whether you have at least one channel uplink/downlink enabled and both the sender and receiver of the packet in your NodeDB, as then it's likely they share a channel you have uplink/downlink enabled on.

@jp-bennett
Copy link
Contributor Author

Shelving this for now.

@jp-bennett jp-bennett closed this Aug 15, 2024
@caveman99 caveman99 deleted the jp-bennett-patch-1 branch October 12, 2024 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jp-bennett @GUVWAF @ianmcorvidae @thebentern @garthvh