Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privacy(call): use content addressing to help prevent call id leakage through protocol #26

Open
Zaba505 opened this issue Jul 11, 2021 · 0 comments
Open

privacy(call): use content addressing to help prevent call id leakage through protocol #26

Zaba505 opened this issue Jul 11, 2021 · 0 comments
Assignees
@Zaba505
Labels
security Relates to security vulnerabilities or risks

Comments

@Zaba505
Copy link
Member

Zaba505 commented Jul 11, 2021

Currently, the call id is used for specifying the protocol nodes communicate with it. This leaks the call id via the libp2p protocol negotiation which then opens an unnecessary attack vector for bad actors to take advantage of. A potential solution is to mandate a password for each call for encrypting each call id, as well as, using a non-unique protocol for at minimum chat messages.

See #25 for discussion about a non-unique vs unique protocol
@Zaba505 Zaba505 added the security Relates to security vulnerabilities or risks label Jul 11, 2021
@Zaba505 Zaba505 self-assigned this Jul 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zaba505 Zaba505

Labels
security Relates to security vulnerabilities or risks
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Zaba505