Cloud Assistants example with DH ephemeral public keys
Co-design permanent, active, stateful, reliable cloud proxies with your web app.
This infrastructure can then be used to bootstrap secure, direct channels between devices while providing end-to-end security (CAs never know secret keys). Authorization mechanisms managed by CAs also ensure that our devices only talk with devices that we trust. This is done by controlling the discovery of public keys.
We use a
<username>-manager-pubkeys, to make visible all the public keys of the devices that
<username> owns. Therefore, each user needs to create a privileged CA
<username>-manager first. This CA also maintains an
<username>-manager-authorized with the access policy for all its devices. Note that by linking this
AggregateMap to another user's
AggregateMap we can enable interactions between their devices in a simple manner.