Do I need CFSSL?

Recently I’ve started a project where the use case is as follows:

Alice wants to download a file from Bob (could be an organization). Bob is running a web server that is mainly always online. Alice is not, but when she goes online she will immediately download the file from Bob’s web server. As with the file on Bob’s web server, Alice has many other web servers to go to and download files from.

To establish this connection between Alice and Bob I thought it would be a good idea to set up a central point of communication for both of them. A web server where Bob can inform Alice what files she still needs to download, very similar to a download queue.

So why do I think I need CFSSL?
Well, that’s very simple: Bob needs to be sure that only Alice downloads the files that he shares on his web server. Of course Alice wouldn’t be very happy if she wanted to download a file from Bob but instead downloaded it from someone else, but it’s not as important as it is for Bob to be sure that only Alice downloads the file.

If I really need it, then I’m extremely curious about how I should implement this.

  • Who will become the party to obtain certificates?
  • How often do I need to create certificates, will it be per file/user/organization?
  • Will there still be information public, if so what and where?

CFSSL is a PKI/TLS toolkit developed by Cloudflare.

I just included a link to the GitHub in the first post, but this is the homepage URL:
https://cfssl.org/

Blog posts about CFSSL:

Why would you think you need it?

To establish end-to-end encryption between Alice and Bob.

So you want to create a P2P connection, not using web servers or Cloudflare’s proxies?!

The connection could be peer to peer at some point, but to establish a connection between Alice and Bob, to help Alice get to know the “address” of Bob, there needs to be a central server that helps Alice find Bob’s address. This central server could be a web server, a Cloudflare proxy or something else I don’t know.

I am not sure where Cloudflare comes in in all of this. You seem to be after some sort of architectural design for a platform.

Cloudflare handles web requests for a website and CFSSL appears to be a command line utility to manage certificates. That’s it 🙂
