
I have a distributed application that sends and receives data from a specific service on the Internet. When a node receives data, sometimes it needs to validate that that data is correlated with data it or another node previously sent. The value also needs to be unique enough so that I can practically expect never to generate identical values within 24 hours.

In the current implementation I have been using a custom header containing a value of uuid.uuid1(). I can easily validate that that value comes from the one single node running by comparing the received uuid to uuid.getnode(), but this implementation was written before we had a requirement that this app should be multi-node.

I still think that some uuid version is the right answer, but I can't seem to figure out how to validate an incoming uuid value.

>>> import uuid
>>> received = uuid.uuid5(uuid.NAMESPACE_URL, 'http://example.org')
>>> received
UUID('c57c6902-3774-5f11-80e5-cf09f92b03ac')

Is there some way to validate that received was generated with 'http://example.org'?

  1. Is uuid the right approach at all? If not, what is?
  2. If so, should I even be using uuid5 here?
kojiro
  • What's wrong with using PKI for this? – Ignacio Vazquez-Abrams Jul 19 '12 at 20:16
  • As long as you're not worried about a malicious attack, this sounds fine, otherwise, as @IgnacioVazquez-Abrams mentions, you should use some sort of encryption – dfb Jul 19 '12 at 20:22
  • Not even encryption though, just the signing part. – Ignacio Vazquez-Abrams Jul 19 '12 at 20:29
  • @IgnacioVazquez-Abrams, it's always tricky to prove that a signature comes from your app (authenticating the app as opposed to its user), since you'd have to provide a private key in accessible form to the app (and possibly to whoever gets hold of the device on which it runs). – Bruno Jul 19 '12 at 20:34
  • what do you want? server-authentication, client-authentication, peer-to-peer-authentication, something completely different? – moooeeeep Jul 20 '12 at 14:57
  • @IgnacioVazquez-Abrams I think PKI signing is in essence what I want, except that I'd have to make the private and public keys both available to all the nodes in order for them to be able to both generate signed documents *and* validate received documents from other nodes. – kojiro Jul 20 '12 at 19:20

1 Answer


If the goal is purely to create a unique value across your nodes, couldn't you just give each node a unique name and append that to the uuid you are generating?

Wasn't clear to me if you are trying to do this for security reasons or you simply just want a guaranteed unique value across the nodes.

Waterboy
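
An added example (not part of the original posts) covering both parts of the question: a uuid5 can only be checked by recomputing it for names the receiver already knows, and a value that any node can generate and any node can validate can be built from a random UUID plus an HMAC-SHA256 tag, which is the shared-key form of the signing suggested in the comments rather than PKI. Assumptions: `SHARED_KEY`, `NODE_NAMES` and the function names are hypothetical, and every node is configured with the same key.

```python
import hashlib
import hmac
import uuid

# Assumption: every node is configured with the same secret and the same
# list of node names. Both values are constructed for this example.
SHARED_KEY = b"constructed-example-key-replace-me"
NODE_NAMES = ("http://node-a.example.org", "http://node-b.example.org")


def uuid5_origin(received, candidates=NODE_NAMES):
    """Return the candidate name that produces `received`, or None.

    uuid5 is a SHA-1 hash of namespace + name, so it cannot be reversed;
    the only possible check is to recompute it for each known name.
    Anyone who knows a name can produce the same UUID, so a match says
    nothing about who sent it.
    """
    for name in candidates:
        if uuid.uuid5(uuid.NAMESPACE_URL, name) == received:
            return name
    return None


def _tag(ident, key):
    # HMAC-SHA256 over the ID; only holders of `key` can compute it.
    return hmac.new(key, ident.encode(), hashlib.sha256).hexdigest()


def make_token(key=SHARED_KEY):
    """Build 'id.tag': a random (version 4) UUID plus its HMAC tag."""
    ident = uuid.uuid4().hex
    return f"{ident}.{_tag(ident, key)}"


def verify_token(token, key=SHARED_KEY):
    """True only if the tag was computed with `key` over this exact ID."""
    ident, sep, tag = token.partition(".")
    if not sep:
        return False  # no tag present at all
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(_tag(ident, key).encode(), tag.encode())
```

The tag proves only that the sender holds the shared key; it does not identify which node sent the value, and replay protection (for example, remembering IDs seen in the last 24 hours) is a separate concern.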