Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lite: verify all headers #3259

Closed
ebuchman opened this issue Feb 6, 2019 · 3 comments
Closed

lite: verify all headers #3259

ebuchman opened this issue Feb 6, 2019 · 3 comments
Labels
C:light Component: Light T:security Type: Security (specify priority)
Milestone
Backlog

Comments

@ebuchman
Copy link
Contributor

ebuchman commented Feb 6, 2019
edited
Loading

We currently use bisection to sync a lite client so we don't have to verify all headers. But this unsafe. It looks like doing bisection safely may require application specific components: #3244.

As an immediate remediation, we should verify all headers in order.
@ebuchman ebuchman added C:light Component: Light T:security Type: Security (specify priority) labels Feb 6, 2019
@ebuchman ebuchman mentioned this issue Feb 6, 2019
Closed
@ebuchman ebuchman added this to the v0.32.0 milestone Feb 23, 2019
@liamsi liamsi mentioned this issue Feb 28, 2019
Closed
4 tasks
@jaekwon
Copy link
Contributor

jaekwon commented Mar 24, 2019

See #3244 (comment) on why we need to implement counterfactual signing anyways.

If +2/3 are signing something bad, we've got bigger problems... this solution isn't necessary.

@liamsi liamsi removed their assignment Mar 28, 2019
@liamsi
Copy link
Contributor

liamsi commented Mar 28, 2019

Should we close this then?

@ebuchman ebuchman modified the milestones: v0.32.0, Backlog May 30, 2019
@tac0turtle
Copy link
Contributor

with the work of #3906, #3847, #3911 this issue can be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C:light Component: Light T:security Type: Security (specify priority)
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@jaekwon @ebuchman @liamsi @tac0turtle