just released new versions of Crossbar.io and Autobahn|Python
Of course, feedback is welcome! And if you like, please spread the word about Crossbar.io and Autobahn;)
The releases aggregate the last (hopefully) bunch of Python 3 (unicode vs bytes), and other smaller fixes. But there is more.
A completely new feature is "event history". Often, a subscriber wants to catch up with the latest event _history_, not only receive new events. Here is an example:
Then the releases also contain fixes for WAMP authentication methods. I've tested all methods on both Python 2 and 3, and we now have full examples of all auth. methods:
There are also 2 completely new WAMP authentication methods:
- WAMP-TLS - this is using TLS client certificates for authentication
- WAMP-cryptosign - this is using state-of-the-art, public-private key based mechanism using Curve25519
Curve25519 is an elliptic curve designed by Dan Bernstein ("djb"). djb is a crypto guru, and, a trusted person in the crypto community.
Crossbar.io and WAMP-cryptosign are listed here
under "upcoming" already;)
Looking forward, WAMP-cryptosign will be our preferred authentication method for our own apps.
The fact that it's public-private key means there are no secrets whatsoever on the server side, and the fact that it's based on Curve25519 and NaCl
means it is very secure.
Then, there is another crypto thing in the cooking (alpha code is in above releases already!): WAMP-cryptobox
This, for me, is _the_ most interesting feature in a while!
It's adding an end-to-end encryption option to Crossbar.io and AutobahnPython (for now, but JS and others is possible too).
Yes, that's right: using e2e, not even Crossbar.io is able to read the application payload of your calls and events!
This very much preview .. but here is an example that should give you a better idea of how it looks
The nice thing: once you've added a "keyring" (optionally, configured per-URI keypairs), it is completely transparent from app code. No code changes there at all!
Crossbar.io 0.12.1 identifies as:
(python351_2) oberstet@thinkpad-t430s:~$ crossbar version
Automatically choosing optimal Twisted reactor
Running on Linux and optimal reactor (epoll) was installed.
__ __ __ __ __ __ __ __
/ `|__)/ \/__`/__`|__) /\ |__) |/ \
\__,| \\__/.__/.__/|__)/~~\| \. |\__/
Crossbar.io : 0.12.1
Autobahn : 0.12.1 (with JSON, MessagePack, CBOR)
Twisted : 15.5.0-EPollReactor
LMDB : 0.88/lmdb-0.9.17
Python : 3.5.1/CPython
OS : Linux-3.13.0-76-generic-x86_64-with-debian-jessie-sid
Machine : x86_64
at the command line. Of course we are running the release now on the demo instance (on latest PyPy / Linux) as well:
The demo instance now also use Let's Encrypt certificates, and we've further hardened TLS
Also: the demo instance are actually 2 instances behind geolocation based DNS. Depending on your location, you'll be connected to one of these:
When you open a demo, you should see a statusline at the bottom like
Status: Connected to node cbdemo-eu-central-1 at wss://cbdemo-eu-central-1.crossbar.io/ws
that tells you to which instance you are connected.
Note that the instances are not yet clustered (eg when you are connected to the Votes demo on instance A, you won't get votes on instance B).