QREDO Rendezvous Protocol

From IIW

Session Topic: Qredo Rendezvous Protocol

Thursday 2H

Convener: Hugh Pyle

Notes-taker: Hugh Pyle

Tags for the session - technology discussed/ideas considered:

Qredo

Rendezvous, addressing, secure channel establishment

Protocol, key exchange

IoT

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Qredo “Rendezvous” protocol. Currently the protocol isn’t published anywhere. First delivery will be as part of the Qredo SDK and operator-hosted services. Open interop etc. is intended for the future.

It’s a session-establishment protocol. Publish a name into a global namespace; by responding to the name you open a secured communication channel with the publisher. Two-endpoint channels we call “conversations”. The channel is unlinked from the rendezvous.

The rendezvous name (“tag”) is any text string. It’s treated roughly like a secret (only a KDF of the tag is transmitted on the network; the actual tag is to be communicated out-of-band from the publisher to the responder). Some rendezvous tags are long-term, stable identifiers for multiple responders (each response will open a new channel). Example: publish a billboard on Rte. 101, or a BLE beacon, advertising a service. Some rendezvous uses are single-shot, where the first response also un-publishes the tag. Example: a single-use random-number rendezvous transmitted over NFC between two phones to start a chat conversation.
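As an added illustration (not Qredo’s code; the real KDF, wire format and service are not published, so SHA-256 over a labelled tag stands in for the KDF), a small model of the namespace semantics described above: the service stores only the derived key, a long-lived tag yields a fresh channel per responder, and a single-shot tag is removed on the first response.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def derive_lookup_key(tag: str) -> bytes:
    # Assumed KDF: the notes only say "a KDF of the tag" goes on the wire.
    # A labelled SHA-256 is a placeholder, not the protocol's actual KDF.
    return hashlib.sha256(b"rendezvous-tag-v0|" + tag.encode("utf-8")).digest()


@dataclass
class Publication:
    publisher: str
    single_shot: bool
    responses: int = 0


class Namespace:
    """Model of the global namespace: it sees derived keys, never plaintext tags."""

    def __init__(self) -> None:
        self._entries: Dict[bytes, Publication] = {}

    def publish(self, publisher: str, tag: str, single_shot: bool) -> None:
        # Publisher sends only derive_lookup_key(tag); the tag itself goes out-of-band.
        self._entries[derive_lookup_key(tag)] = Publication(publisher, single_shot)

    def is_published(self, tag: str) -> bool:
        return derive_lookup_key(tag) in self._entries

    def respond(self, responder: str, tag: str) -> Optional[dict]:
        # Responder learned the tag out-of-band and presents the same derived key.
        key = derive_lookup_key(tag)
        pub = self._entries.get(key)
        if pub is None:
            return None  # unknown or already-consumed tag: no channel is opened
        pub.responses += 1
        if pub.single_shot:
            del self._entries[key]  # first response un-publishes the tag
        # The channel identifier is fresh randomness, so the resulting
        # conversation cannot be linked back to the rendezvous tag.
        return {"channel": secrets.token_hex(16), "peers": (pub.publisher, responder)}


if __name__ == "__main__":
    ns = Namespace()
    ns.publish("billboard-owner", "rte101-service", single_shot=False)
    print(ns.respond("car-1", "rte101-service"))
    print(ns.respond("car-2", "rte101-service"), ns.is_published("rte101-service"))
```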

If the rendezvous tag is a public-key certificate, the publisher’s identity can be challenged by the responder. (Alternatively just a public key, or a pk fingerprint).

The global namespace (in Qredo implementation) is a cloud-hosted, distributed, database-backed service; transport mechanics are HTTP or MQTT. The core protocol is lightweight enough that the namespace could just be done over UDP broadcast without any central resource.

There was good discussion of the protocol, the use cases that led to it, its “application-level” uses, and the role of unauthenticated channels versus authenticated-first channels.