security #16

Open
dominictarr opened this Issue · 3 comments

@dominictarr

So, for security, I'm concerned that sending the authorized keys over the wire with each transaction is not the right approach.

What if I make an unauthorized connection, and then just send my own public key, now presumably I can update anything? Kinda like the guy comes to your house to fix the phone line (whatever) and you let him in because he has a badge...

I think the right approach is to distribute a root key with your installation of seaport - bundle it into a tarball that you install seaport from, (or put it in ~/.seaport/authkey or whatever), and then add keys by signing them with the root key.

@Raynos and I have discussed this issue here dominictarr/scuttlebutt#6

@dominictarr referenced this issue in dominictarr/scuttlebutt: opts.meta #12 (Merged)

@substack
Owner

If you make an unauthorized connection then you won't be able to set any values, only read values from the network. All the other nodes reject updates from nodes not in the authorized keys lists.

@dominictarr

<substack> so all nodes need to sign their own updates AND they need to do it with known keys
<dominictarr> substack, but what if I connect to a node, and send a NEW key, and then start signing updates with it.
<substack> I should split out this logic from seaport so it's easier to experiment and dissect it in isolation
<substack> dominictarr: you can't send a new key unless that update is signed with an authorized key already
<substack> but you could switch which key you use at runtime if you want
<substack> so long as you have the private key for it
<substack> and so long as you initiated the connection with a valid authorized key
<dominictarr> no, but you can send a new key when you connect.
<substack> oh in the metadata?
<substack> TRUE
<dominictarr> yeah.
<dominictarr> I think the root key needs to be bundled.
<substack> thinking how to make that one-sided
<substack> well if you are a server you shouldn't let nodes send you authorized keys lists in metadata
<substack> and by server I mean some node that listens for incoming connections

@cheddar

A pull request was merged here and I saw some commits that seemed to indicate that there were changes made to solve issues with people without credentials publishing things. Does that fix this? (Sorry, there have been two issues so far that I saw that were already fixed, so I'm gonna go through these and try to help by calling attention to the issues posted).
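
The root-key scheme proposed in the first comment, combined with the rule from the chat that a listening node should not accept authorized-key lists from connection metadata, sketched as an added example (not code from seaport or from any participant in this thread). `KeyRing`, `addKey`, `acceptUpdate` and the sample payloads are hypothetical names and constructed values; using Ed25519 through Node's `crypto` module is an assumption.

```javascript
// Added example: KeyRing, addKey and acceptUpdate are hypothetical names, not seaport's API.
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('ed25519');
const pem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
const sign = (privateKey, text) => crypto.sign(null, Buffer.from(text), privateKey);

class KeyRing {
  // rootPem is installed out of band (bundled with the install), never learned from a peer.
  constructor(rootPem) {
    this.root = crypto.createPublicKey(rootPem);
    this.authorized = new Set();
  }
  // A key is added only when the root key has signed that exact public key.
  addKey(candidatePem, rootSignature) {
    if (!crypto.verify(null, Buffer.from(candidatePem), this.root, rootSignature)) return false;
    this.authorized.add(candidatePem);
    return true;
  }
  // Connection metadata is untrusted input: a key list sent by the peer is ignored.
  acceptUpdate(update, _peerMetadata) {
    if (!this.authorized.has(update.signerPem)) return false;
    const key = crypto.createPublicKey(update.signerPem);
    return crypto.verify(null, Buffer.from(update.payload), key, update.signature);
  }
}

// Constructed scenario: alice is endorsed by the root key, mallory vouches for herself.
function demo() {
  const root = newKeyPair(), alice = newKeyPair(), mallory = newKeyPair();
  const ring = new KeyRing(pem(root.publicKey));
  const alicePem = pem(alice.publicKey), malloryPem = pem(mallory.publicKey);
  const update = (who, whoPem, payload) =>
    ({ payload, signerPem: whoPem, signature: sign(who.privateKey, payload) });
  return {
    aliceAdded: ring.addKey(alicePem, sign(root.privateKey, alicePem)),
    mallorySelfSigned: ring.addKey(malloryPem, sign(mallory.privateKey, malloryPem)),
    aliceUpdate: ring.acceptUpdate(update(alice, alicePem, 'web@1.2.3 port=8080')),
    malloryUpdate: ring.acceptUpdate(update(mallory, malloryPem, 'web@1.2.3 port=6666'),
      { authorizedKeys: [malloryPem] }),
    tampered: ring.acceptUpdate({ ...update(alice, alicePem, 'a'), payload: 'b' }),
  };
}
```
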
