Re: CADET protocol: Anna or Betty?

From: Christian Grothoff
Subject: Re: CADET protocol: Anna or Betty?
Date: Sat, 4 Jan 2020 10:37:56 +0100

On 1/3/20 3:23 PM, carlo von lynX wrote:
> On Fri, Jan 03, 2020 at 10:28:02PM +0900, Schanzenbach, Martin wrote:
>> That sounds like it allows anyone to hijack any (established) channel
>> after a successful kx.
> Oh, transport does not guarantee the identity of nodes so CADET
> has to handle authentication itself... great. Still, an attacker
> would not be able to hijack a conversation, just break it.. right?

Transport guarantees it for hop-by-hop, but CADET is end-to-end. So
Transport may assure Anna that she's talking to xrs, and to xrs that
he's talking with Betty, but that doesn't help us for Anna-Betty.

A concern here is an attacker replaying an ancient initiation message to
break an ongoing session.
Given that we have 3DH, this should only be about availability, not

> dvn has suggested a different approach, to make the
> CADET_CONNECTION_CREATE ensure that both sides have the same
> state, so we are looking into adding extra info there (which
> I understand would be a breaking protocol change, since gnunet
> does not have PSYC's extensibility).

Breaking compatibility to fix these types of bugs is OK.

> btw, figuring out how CADET tunnels get stuck and stop working
> was the amazing work of
>                       __                               
>                   _|_   >  __  __  __    _  _  | _ _|_ 
>                    |  -{  (_  (_  /__) |/  / | |<   |  
>                    |_ __> __) __) \___ |   \_|_| \  |_ 

Thanks, t3sserakt!

