Security
WebRelay has been architected with a focus on secure, efficient communication between the CLI and the WebRelay service. The foundation of this architecture is its unique approach to establishing and maintaining secure TCP tunnels.
Here's a breakdown:
Secure Initial Connection: At the outset, WebRelay sets up a connection via HTTPS using a secure token that identifies a user. HTTPS was chosen for its ubiquity and inherent security: it provides an encrypted layer, mitigating the risks of data interception and eavesdropping.
Cryptographic Handshake: Once the HTTPS connection is established, a cryptographic handshake is initiated. This process verifies the identities of the communicating entities. Beyond authentication, the handshake determines the encryption protocols and standards for the subsequent exchange.
Raw Connection Control: After the handshake, WebRelay takes control of the raw connection. By operating at this level, WebRelay bypasses some of the vulnerabilities associated with higher-level protocols, offering a more direct and secure channel for data exchange.
Multiplexing: To optimize data flow, WebRelay employs a multiplexing mechanism. Multiplexing combines multiple data streams and transmits them over a single connection. This makes data transfer efficient by reducing the overhead of establishing multiple connections. Moreover, because these streams stay within a single secure connection, encryption consistency and performance are maintained.
Key Attributes:
Authentication: Through the cryptographic handshake, WebRelay verifies the authenticity of both client and server, ensuring trusted communication.
End-to-End Encryption: From the initial HTTPS to the underlying raw connection, the entire communication process is encrypted, ensuring data privacy and security.
Efficiency: By employing multiplexing, WebRelay ensures optimal data transfer rates, making the most of the available bandwidth and reducing latency.