registry: Node descriptors should be signed by all public keys in the node #2599
Assignees
Labels
c:breaking/consensus
Category: breaking consensus changes
c:bug
Category: bug
c:registry
Category: entity/node/runtime registry service
c:security
Category: security issues
p:0
Priority: High! bugs, address immediately
Comments
Yawning
added
p:0
This was referenced Jan 27, 2020
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The node descriptor isn't actually signed by the consensus, p2p (and in some cases the node descriptor's own) signing keys. This means that there is no proof of possession of the keys, and with duplicated keys being rejected by the consensus layer, it is possible to craft descriptors that cause valid registrations to be rejected.
The text was updated successfully, but these errors were encountered: