Hi Inga, Michal, > On 07/17, Inga Stotland wrote: > >This adds initialization of keyring storage directory when a mesh node > >is attached successfully. > >--- > > mesh/node.c | 8 ++++++++ > > > >+ /* > >+ * TODO: For now always initialize directory for storing > >+ * keyring info. Need to figure out what checks need > >+ * to be performed to do this conditionally, i.e., presence of > >+ * Provisioner interface, etc. > >+ */ > >+ init_storage_dir(node); > > I think the keyring should be initialized as soon ad the node is created. The > keyring should always exist, and should contain at least the local device key - > otherwise DevKeySend can't be used to talk to local Config Server. I agree that the keyring should probably always exist, but not really for the reason Michal states... There are no use case allowed in the specification that allows any Config Client except an authorized Provisioner to communicate with a Config Server (even the local Config Server)... Any changes to a nodes configuration states should be tracked by provisioners in a master database, and this is not really possible if any node is allowed to change it's own CFG Server states. That said, A node can have configuration privileges *transferred* to it, and it is not the responsibility of the daemon to determine when this is. I am fine with creating an (empty) key ring for all nodes.... which in the current architecture just means a few empty folders. > > -- > Michał Lowas-Rzechonek <michal.lowas-rzechonek@xxxxxxxxxxx> > Silvair http://silvair.com > Jasnogórska 44, 31-358 Krakow, POLAND
