Improve registration protocol implementation and switch to NodeKey as main identifier #725
Merged
Improve registration protocol implementation and switch to NodeKey as main identifier #725
Conversation
juanfont
changed the title
juanfont
changed the title
kradalby
reviewed
Aug 12, 2022
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
kradalby
approved these changes
Aug 12, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR lays the groundwork for the implementation of the TS2021 protocol (Tailscale control v2).
Under the Noise protocol the NaCl boxes encrypted with the
MachineKeyare dropped in favour of Noise sessions.MachineKeyloses importance across the code base, and when using Noise they are not sent at all.In headscale we were using the stripped version of the public MachineKey as a sort-of ID, for the iterative login process (including the registrationCache used in the web+CLI and the OIDC flows).
This PR addresses that, switching to NodeKey as identifier.
In addition to it, it also improves a bit the handling of the registration process (and reduces the impact caused by #727 (although does not fully resolve it).