A couple of possible options (some of which may have already been mentioned):
1) variable-length secrets with a minimum length, say 21 to 255
2) throttling somehow the frequency with which new secrets could be attempted (brute-force issues)
3) while using a shared secret, manual approval of new node members by IP
4) logging for each host which syncs against... timestamp, IP, bytes transferred + direction
5) dual secrets: each side has its own secret and negotiates the pairing based upon the dual-secret match, a la PGP style
6) while not perfect, geo-location... i.e. if I live in Australia, I don't want IPs from any other country syncing.
7) ISP-based... i.e. if I have Comcast and the destination has Comcast we are OK, but if it's any other provider, well, you know what to do.
8) IP-based: if I know my destination public IP is x.x.x.x/24
Outside alternatives
1) host-based firewalls: force the app to run on a specific port all the time and only allow access to the world on that port if the outside world is coming from x.x.x.x/24, or pair it with a dynamic DNS provider of your choice to lock down the outside IPs.
2) block internet access and run site-to-site VPN tunnels.
Long term, if made available via API, someone could write a wrapping application/plug-in to do some or all of the above.
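Taking suggestions 1, 2 and 4 above as a concrete illustration, here is an added Python sketch (not Sync's code; the Gatekeeper class, its thresholds and the sample IPs are hypothetical) that enforces a 21-255 character secret length, throttles repeated pairing attempts per IP with exponential backoff, and records an audit entry (timestamp, IP, bytes, direction, result) for every attempt.

```python
"""Gatekeeper for shared-secret pairing attempts (added example, not Sync code).

Implements three of the suggestions above: a secret length policy (21..255),
per-IP throttling of pairing attempts with exponential backoff, and an audit
record per attempt. All names and thresholds here are hypothetical.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

MIN_SECRET_LEN, MAX_SECRET_LEN = 21, 255
FREE_ATTEMPTS = 3      # failures tolerated before backoff starts
BASE_DELAY = 2.0       # seconds; doubles with each further failure
MAX_DELAY = 3600.0     # cap so a peer is never locked out forever


@dataclass
class PeerState:
    failures: int = 0
    blocked_until: float = 0.0


@dataclass
class Gatekeeper:
    secret: str
    peers: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def __post_init__(self):
        if not MIN_SECRET_LEN <= len(self.secret) <= MAX_SECRET_LEN:
            raise ValueError("secret length must be 21..255 characters")
        # Compare digests rather than raw strings: constant time, no length leak.
        self._digest = hashlib.sha256(self.secret.encode()).digest()

    def attempt(self, ip: str, offered: str, now: float,
                nbytes: int = 0, direction: str = "in") -> str:
        """Evaluate one pairing attempt; returns accepted/rejected/throttled."""
        st = self.peers.setdefault(ip, PeerState())
        if now < st.blocked_until:
            outcome = "throttled"          # still in backoff, do not even compare
        elif hmac.compare_digest(self._digest,
                                 hashlib.sha256(offered.encode()).digest()):
            st.failures = 0
            outcome = "accepted"
        else:
            st.failures += 1
            if st.failures >= FREE_ATTEMPTS:
                delay = min(BASE_DELAY * 2 ** (st.failures - FREE_ATTEMPTS), MAX_DELAY)
                st.blocked_until = now + delay
            outcome = "rejected"
        self.audit.append({"ts": now, "ip": ip, "bytes": nbytes,
                           "dir": direction, "result": outcome})
        return outcome
```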
A thought it was secure ?
in Sync General Discussion