
5 Security

The following security modes are available to use with the Peer Channel Protocol:

  • Transport security: This mode dictates that the neighbor-to-neighbor connections must be secured with a TLS over TCP connection. There are two modes of transport security:

    • X.509 certificate-based: In this mode, each node has an X.509 certificate issued by a well-known authority, and the neighbor-transport connection is a TLS connection configured with that certificate. The accepting node uses the certificate to authenticate the requesting node before allowing it to join the mesh. Similarly, the requesting node must authenticate the accepting node, using the certificate that the accepting node presents during the TLS connection negotiation.

    • Password-based: If the mesh is secured by a password, the transport is still established using TLS over TCP, but any X.509 certificate may be used. The nodes must not authenticate each other's certificate; the certificate therefore provides no authentication on its own. Instead, the nodes must prove knowledge of the password to each other using the password security protocol, and the requesting neighbor must initiate that protocol as soon as the connection is established.

  • X.509 certificate-based message-level security: Independent of the transport security, a mesh can also be configured to use message-level security. In this mode, every sender computes a digital signature over the application message using a well-known X.509 certificate credential and sends the signature along with the message. The message is secured as specified in [WSTrust].
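The password-based transport mode above relies entirely on the password security protocol for authentication, since the TLS certificates are not checked. The following added example (not part of the protocol specification) models that mutual proof of knowledge: both nodes prove they hold the mesh password without sending it, each proof is tied to the peer's fresh nonce and to a value standing in for the TLS session. The HMAC challenge-response construction, the `Node` class, the sample password and the session-binding value are assumptions for illustration, not the specification's actual message format.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: the mesh password shared by both nodes and a
# hypothetical value standing in for data derived from the TLS session,
# so that a proof cannot be replayed on a different connection.
MESH_PASSWORD = "correct horse battery staple"
TLS_SESSION_BINDING = b"constructed-tls-session-id-0001"


def _proof(password: str, binding: bytes, challenger: bytes, prover: bytes) -> bytes:
    """HMAC over (session binding, challenger nonce, prover nonce), keyed by a
    digest of the password. Assumed construction, not the spec's protocol."""
    key = hashlib.sha256(password.encode("utf-8")).digest()
    return hmac.new(key, binding + challenger + prover, hashlib.sha256).digest()


class Node:
    """A mesh node that proves knowledge of the password to a neighbor."""

    def __init__(self, name: str, password: str) -> None:
        self.name = name
        self.password = password
        self.nonce = secrets.token_bytes(16)  # fresh challenge per connection

    def challenge(self) -> bytes:
        return self.nonce

    def respond(self, peer_nonce: bytes, binding: bytes) -> bytes:
        # Answer the peer's challenge; our own nonce is mixed in so the
        # two directions produce different proofs (no reflection).
        return _proof(self.password, binding, peer_nonce, self.nonce)

    def verify(self, peer_nonce: bytes, proof: bytes, binding: bytes) -> bool:
        expected = _proof(self.password, binding, self.nonce, peer_nonce)
        return hmac.compare_digest(expected, proof)


def mutual_password_auth(requester: Node, acceptor: Node, binding: bytes) -> bool:
    """Requester initiates (as the transport mode requires); both sides prove
    knowledge of the password and each verifies the other's proof."""
    r_nonce = requester.challenge()                 # requester -> acceptor
    a_nonce = acceptor.challenge()                  # acceptor  -> requester
    r_proof = requester.respond(a_nonce, binding)   # requester -> acceptor
    a_proof = acceptor.respond(r_nonce, binding)    # acceptor  -> requester
    # Certificates are deliberately not checked: in password mode any
    # X.509 certificate may be used, so only the proofs grant trust.
    return (acceptor.verify(r_nonce, r_proof, binding)
            and requester.verify(a_nonce, a_proof, binding))
```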

© 2015 Microsoft