Securing Peer to Peer communication

Is there a standard way to secure peer to peer communication?

Of course there is. If you want to do highly asymmetric communication (i.e. chat or chat-like communication), OTR (or Axolotl) is the way to go. If you want to do (nearly) real-time communication, TLS is the way to go.

Both protocols require long-term static keys. You can display the (hex-encoded?) hash to the user and let them verify that personally. Additionally, you should store the hashes of the public keys and associate them with the peers at application level to warn the user when the public keys change. Beyond that, you can offer your users a Web-of-Trust approach, where they can verify each other's public key / person binding using digital signatures with their private keys.

OTR natively supports using "just public keys"; for TLS you can either use self-signed certificates or raw public keys as per RFC 7250 combined with full TLS client authentication.
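The key-hash storage and change warning described in the answer can be sketched as follows. This is an added example, not code from the original answer; the `PinStore` class, its JSON file format and the sample key bytes are assumptions made for illustration, and the public key is taken as whatever encoded bytes the protocol hands the application.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def fingerprint(public_key_bytes: bytes) -> str:
    """SHA-256 of the peer's encoded public key, hex-encoded."""
    return hashlib.sha256(public_key_bytes).hexdigest()


def display_form(fp_hex: str) -> str:
    """Group the digest in blocks of 8 so users can compare it in person."""
    return " ".join(fp_hex[i:i + 8] for i in range(0, len(fp_hex), 8)).upper()


class PinStore:
    """Maps peer id -> pinned fingerprint, persisted as JSON (hypothetical format)."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, peer_id: str, public_key_bytes: bytes) -> str:
        """Return 'new', 'match' or 'changed'; never overwrites an existing pin."""
        pinned = self.pins.get(peer_id)
        if pinned is None:
            return "new"
        seen = fingerprint(public_key_bytes)
        return "match" if hmac.compare_digest(pinned, seen) else "changed"

    def trust(self, peer_id: str, public_key_bytes: bytes) -> None:
        """Pin (or re-pin) a key once the user has verified its fingerprint."""
        self.pins[peer_id] = fingerprint(public_key_bytes)
        self.path.write_text(json.dumps(self.pins, indent=2))


if __name__ == "__main__":
    # Constructed sample keys; real input would be the peer's encoded public key.
    old_key, new_key = b"constructed-peer-key-1", b"constructed-peer-key-2"
    store = PinStore(Path(tempfile.mkdtemp()) / "pins.json")
    print(store.check("alice", old_key), display_form(fingerprint(old_key)))
    store.trust("alice", old_key)  # user confirmed the fingerprint out of band
    print(store.check("alice", old_key))
    print(store.check("alice", new_key))  # application should warn the user here
```

A `changed` result is the point at which the application warns the user and refuses to re-pin until the new fingerprint has been verified.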
