Skip to content
This repository has been archived by the owner. It is now read-only.

SECURITY - Fixes need to identity exchange #133

Open
yaronyg opened this issue Sep 21, 2015 · 1 comment
Open

SECURITY - Fixes need to identity exchange #133

yaronyg opened this issue Sep 21, 2015 · 1 comment
Assignees
Milestone

Comments

@yaronyg
Copy link
Member

yaronyg commented Sep 21, 2015

We need to re-home it on TLS - This will mean getting rid of wrongPeer errors all together and just using TLS to validate identity.

Request Delay - In order to slow down attacks we need to make sure the smallHashStateMachine will only make cb and rnmine requests at the rate of 1 per second.

Response Delay - In order to slow down certain attacks the largeHashStateMachine needs to only accept cb and rnmine requests at the rate of 1 per second. Also note that the current request handling code is purely synchronous so we don't have to worry about handling multiple requests simultaneously, the delay feature will change that. So be aware.

@yaronyg yaronyg added the Icebox label Feb 9, 2016
@yaronyg yaronyg self-assigned this Jul 12, 2016
@yaronyg yaronyg added this to the New Infra milestone Jul 12, 2016
@yaronyg
Copy link
Member Author

yaronyg commented Jul 15, 2016

identityexchange.js - Need to remove reference to ThaliEmitter

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant