SSL/TLS for IRI: Using HTTPS with the Upcoming Trinity Wallet

The full article was originally published by Rajiv Shah on Medium. Read the full article here.

With the Trinity mobile beta approaching, it is important that node owners are suitably prepared. Mobile app stores require that all data traffic is encrypted with SSL/TLS. If you’re not sure what SSL and TLS do, here’s a quick video to explain it:

What does SSL/TLS mean for Trinity?

Mandatory SSL/TLS is necessary in Trinity for a few reasons. First, Apple requires App Transport Security (ATS) to be enabled in all apps submitted to the App Store. Developers who submit apps without ATS must justify their decision to disable it. Additionally, browsers such as Google Chrome plan to mark any website that does not use HTTPS as “not secure.” As part of the Foundation’s continued efforts to follow best practices, Trinity will not allow non-HTTPS connections.

Why is HTTPS a big deal?

Unlike online stores, node owners do not handle highly sensitive information like credit card numbers. Trinity does not send your seed anywhere, so encryption isn’t imperative as there is no risk to your funds. However, if unencrypted, the data that the wallet sends can pose a potential risk to your privacy and user experience.

Let’s say you go to a coffee shop and connect to the public WiFi. An eavesdropper is there, listening in on your connection. You open Trinity and send some IOTA to pay for your coffee. Without the encryption TLS provides, the eavesdropper can see the transaction you sent and know that it was you who made it. One of the main pillars of distributed ledgers is pseudonymity; by sending your transaction over an unencrypted connection, the eavesdropper now knows the balance of your address along with some information about your transaction. With TLS, the transactions you make on the Tangle are less easily connected to your real-world identity.

What do I need to do?

If you’re a user, you don’t need to do anything. In the upcoming Trinity wallet all supported nodes will be using HTTPS.

How do I enable SSL/TLS on my node?

If you’re a node owner, it’s now easier than ever to get an SSL/TLS certificate and install it on your node if you use Ubuntu or Debian. In collaboration with community member eukaryote, we’ve developed a program to automatically install a free certificate from Let’s Encrypt. We are excited to release an accompanying tutorial on the new IOTA Ecosystem website!

The full article was originally published by Rajiv Shah on Medium, where people are continuing the conversation by highlighting and responding to this story. Read the full article here.

You might also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More