search for: trustednode

...sh) is "too automatic" for us : *any* node can add a new node which will be connected directly to others. A solution could be TLS (signing public keys), but create a PKI is another issue for us. Instead, we have an idea : would it be possible to have a option in tinc.conf like "TrustedNodes=aaa,bbb,ccc" ? With this option : (a) any ADD_EDGE/ADD_SUBNET/ANS_KEY/... will be cancelled if it comes from a non-trusted connection (b) all REQ_KEY will be sent to trusted nodes only. (a) is easy, but we do not know how to manage (b). In net_packet.c and protocol_key.c we see :...