Domain authorization #118
Comments
I think an announcement payload may be encrypted, but I think that would require changes to the DHT implementation. I have not really tried yet.

Thank you for the answers. Hope I'll find time during the week to play and learn more. So an attacker can create a DHT node with a hash similar to the domain and it can see how many requests are for the site. Not a big deal for unanimous KadNode but still maybe it's possible to grab some privacy improvements from Tor.

As far as I understood, KadNode publishes a domain announcement descriptor in the DHT with fields:
They are described on the wiki https://github.com/mwarning/KadNode/wiki/Data-Structures
But I still didn't get it, so please clarify.
query is a domain up to 256 chars. Why is that limit? Just curious.
Also the AUTH challenge method needs a connection. What if, on announcing, a node encrypts an IP + timestamp pair with a secret key so that everyone can decrypt it with a public key, i.e. the domain name? Then KadNode may receive a list of records from the DHT, verify them all and pick the one with the latest timestamp.
This is less secure because a domain may already have changed its IP again and some other computer may get the old IP. I guess this is a very rare case.
But as an advantage we can make resolving faster.
The real validation anyway must be done by some kind of TLS, but an attacker may still issue a cert for the domain.
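
The IP + timestamp record proposed in the issue text above, written here as an Ed25519 signature check. This is an added sketch, not part of the thread and not KadNode code. The `Record` layout, the `message` encoding, the helper names and the `maxAge` freshness bound (which limits how long a stale address is accepted) are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Record is a hypothetical signed announcement, not KadNode's wire format.
type Record struct {
	IP        string
	Timestamp int64 // Unix seconds
	Sig       []byte
}

// NewKey returns a key pair; the public half plays the role of the domain name.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// message is the signed byte string: decimal timestamp, a separator, the IP.
func message(ip string, ts int64) []byte { return []byte(fmt.Sprintf("%d|%s", ts, ip)) }

// Sign builds the record an announcing node would publish.
func Sign(priv ed25519.PrivateKey, ip string, ts int64) Record {
	return Record{IP: ip, Timestamp: ts, Sig: ed25519.Sign(priv, message(ip, ts))}
}

// PickLatest returns the newest record that verifies under pub and is at most maxAge seconds old.
func PickLatest(pub ed25519.PublicKey, recs []Record, now, maxAge int64) (best Record, ok bool) {
	for _, r := range recs {
		if len(pub) != ed25519.PublicKeySize || r.Timestamp > now || now-r.Timestamp > maxAge ||
			!ed25519.Verify(pub, message(r.IP, r.Timestamp), r.Sig) {
			continue // malformed key, future-dated, stale, or bad signature
		}
		if !ok || r.Timestamp > best.Timestamp {
			best, ok = r, true
		}
	}
	return best, ok
}

func main() {
	pub, priv := NewKey()
	recs := []Record{Sign(priv, "192.0.2.10", 1000), Sign(priv, "192.0.2.20", 2000)} // constructed
	fmt.Println(PickLatest(pub, recs, 2500, 3600))
}
```

A record replayed inside the `maxAge` window still verifies, which is the old-IP case the issue text mentions; the window only limits how long that remains possible.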