Hi all,
I was hoping you could help me out with a design issue I've been having for my application.
Scenario:
I have a decentralized p2p network, no central node and no central server (so I can't rely on a 3rd party), and I wish to make it as secure as possible. My biggest problem (not surprising given the setup) is having some degree of confidence as to a device's identity.
    - (instancetype _Nonnull)initWithPeer:(MCPeerID * _Nonnull)myPeerID
                         securityIdentity:(NSArray * _Nullable)identity
                     encryptionPreference:(MCEncryptionPreference)encryptionPreference
According to the documentation: https://developer.apple.com/library/prerelease/ios/documentation/MultipeerConnectivity/Reference/MCSessionClassRef/index.html#//apple_ref/occ/instm/MCSession/initWithPeer:securityIdentity:encryptionPreference:, the identity parameter contains a SecIdentityRef as the first object... so I need a certificate. My question is, was this intended to work on decentralized p2p networks, and if so how?
a. Does one ship the .der and .p12 of a purchased valid signed certificate along with the application? If so, isn't that risky? I.e. the p12 password could be extracted from the binary.
b. Does one rely on the application to create a self-signed certificate at runtime (through, say, the use of openssl) and then try to evaluate these?
or
c. I simply ignore this and go straight to the stage where the peers exchange public keys in order to proceed with encrypted communication.
I'm aware that with C I don't really know the identity of the other party and that could render all encryption pointless.